Lucene search
+L

38 matches found

prion
prion
added 2022/03/17 12:15 p.m.13 views

Design/Logic Flaw

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatt...

7.5CVSS9.5AI score0.01695EPSS
Exploits1References3
prion
prion
added 2021/08/13 2:15 p.m.18 views

Cross site scripting

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting XSS on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp with view= and data=...

4.3CVSS6AI score0.01561EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2021/06/24 1:49 p.m.24 views

CVE-2021-27658 exacqVision Enterprise Manager CSS

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...

4.3CVSS5.7AI score0.0089EPSS
Exploits0References3
redhatcve
redhatcve
added 2021/03/05 8:58 p.m.53 views

CVE-2020-28502

An arbitrary code injection vulnerability was found in nodejs-xmlhttprequest. For this vulnerability to occur, the connection must be initialized during the function call XMLHttpRequest.open to send requests synchronously using the parameter async=False. If the subsequent calls to xhr.send...

8.1CVSS3.2AI score0.04646EPSS
Exploits2References5
prion
prion
added 2020/09/18 6:15 p.m.11 views

Design/Logic Flaw

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...

2.7CVSS4.3AI score0.00472EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2020/09/11 1:15 p.m.49 views

CVE-2020-16218

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...

3.5CVSS0.00658EPSS
Exploits0References2
cve
cve
added 2020/07/29 12:29 p.m.42 views

CVE-2020-14492

OpenClinic GA is affected by CVE-2020-14492 (XSS) in versions 5.09.02 and 5.89.05b. The root cause is improper neutralization of user-controllable input in web page generation, enabling execution of malicious code in the user’s browser. The ICS/CISA advisory confirms multiple vulnerabilities in t...

6.1CVSS6.4AI score0.01216EPSS
Exploits0References1Affected Software1
prion
prion
added 2020/03/30 10:15 p.m.15 views

Cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

3.5CVSS6.1AI score0.00917EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/03/30 8:50 p.m.20 views

CVE-2019-9509 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

6.3CVSS6.8AI score0.00917EPSS
Exploits0References2
nvd
nvd
added 2018/09/26 7:29 p.m.19 views

CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

6.1CVSS6.2AI score0.01259EPSS
Exploits0References3
cvelist
cvelist
added 2018/09/26 7:0 p.m.22 views

CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

5.9AI score0.01259EPSS
Exploits0References3
wpvulndb
wpvulndb
added 2018/02/22 12:0 a.m.12 views

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. PoC URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks=...

0.9AI score
Exploits0Affected Software1
prion
prion
added 2017/04/05 8:59 p.m.20 views

Spoofing

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...

4.3CVSS4.6AI score0.01537EPSS
Exploits0References3Affected Software2
nvd
nvd
added 2017/04/05 8:59 p.m.26 views

CVE-2017-0888

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...

4.3CVSS4.5AI score0.01537EPSS
Exploits0References3
prion
prion
added 2017/02/13 9:59 p.m.19 views

Cross site scripting

An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting...

4.3CVSS6.8AI score0.00825EPSS
Exploits0References2
nextcloud
nextcloud
added 2017/02/05 12:0 a.m.34 views

Content-Spoofing in "files" app (NC-SA-2017-006)

The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...

4.3CVSS2.3AI score0.01537EPSS
Exploits0Affected Software1
owncloud
owncloud
added 2016/11/10 7:12 p.m.495 views

Content-Spoofing in "dav" app - ownCloud

The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Affected Software ownCloud Server 9.1.2 CVE-2016-???? core/96b8afe48570bc70088ccd8f897e9d71997d336e ownCloud Server 9.0.6 CVE-2016-????...

6.6AI score
Exploits0Affected Software1
owncloud
owncloud
added 2016/11/10 11:59 a.m.495 views

Server: Content-Spoofing in "dav" app

The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

6.6AI score
Exploits0Affected Software1
Rows per page
Query Builder