Lucene search
K

87 matches found

Huntr
Huntr
added 2022/04/23 11:24 p.m.8 views

Cross-site Scripting (XSS) - Stored

Description he software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - login as an admin - go to...

0.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/03/18 12:1 a.m.20 views

Deserialization of Untrusted Data in SinGooCMS.Utility

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatt...

9.8CVSS5AI score0.01695EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2022/03/17 12:15 p.m.13 views

Design/Logic Flaw

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatt...

7.5CVSS9.5AI score0.01695EPSS
Exploits1References3
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.14 views

Arbitrary call

Handle Tomio Vulnerability details Impact In the https://github.com/code-423n4/2022-01-yield/blob/main/contracts/ConvexModule.solL15 the addVault take 2 parameters as input, convexStakingWrapper, and vaultId, however the convexStakingWrapper is user controllable therefore the user could make an...

7AI score
Exploits0
Prion
Prion
added 2021/08/13 2:15 p.m.17 views

Cross site scripting

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting XSS on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp with view= and data=...

4.3CVSS6AI score0.01548EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/08/04 11:15 p.m.15 views

Authentication flaw

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies0. This issue was fixed in version 2.1.13 of the product...

5.5CVSS8.2AI score0.01068EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/04 10:20 p.m.22 views

CVE-2021-36801 Akaunting Authentication Bypass in Company Selection

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies0. This issue was fixed in version 2.1.13 of the product...

8.1CVSS8.5AI score0.01068EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/06/24 1:49 p.m.24 views

CVE-2021-27658 exacqVision Enterprise Manager CSS

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...

4.3CVSS5.7AI score0.0089EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/03/05 8:58 p.m.53 views

CVE-2020-28502

An arbitrary code injection vulnerability was found in nodejs-xmlhttprequest. For this vulnerability to occur, the connection must be initialized during the function call XMLHttpRequest.open to send requests synchronously using the parameter async=False. If the subsequent calls to xhr.send...

8.1CVSS3.2AI score0.04646EPSS
Exploits2References5
Prion
Prion
added 2020/09/18 6:15 p.m.11 views

Design/Logic Flaw

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...

2.7CVSS4.3AI score0.00445EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/11 1:15 p.m.48 views

CVE-2020-16218

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...

3.5CVSS0.00658EPSS
Exploits0References2
CVE
CVE
added 2020/07/29 12:29 p.m.42 views

CVE-2020-14492

OpenClinic GA is affected by CVE-2020-14492 (XSS) in versions 5.09.02 and 5.89.05b. The root cause is improper neutralization of user-controllable input in web page generation, enabling execution of malicious code in the user’s browser. The ICS/CISA advisory confirms multiple vulnerabilities in t...

6.1CVSS6.4AI score0.01216EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/03/30 10:15 p.m.13 views

Cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

3.5CVSS6.1AI score0.00917EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/30 8:50 p.m.19 views

CVE-2019-9509 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

6.3CVSS6.8AI score0.00917EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/12/14 6:19 a.m.64 views

Nord Security: Host header injection/redirection | signup and login page

Hey Team. There's a host header injection vulnerability in signup and login page. If possible, the application should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways: Remove the redirection function from the application,...

7.2AI score
Exploits0
NVD
NVD
added 2018/09/26 7:29 p.m.19 views

CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

6.1CVSS6.2AI score0.01259EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/09/26 7:0 p.m.22 views

CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

5.9AI score0.01259EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2018/02/22 12:0 a.m.12 views

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. PoC URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks=...

0.9AI score
Exploits0Affected Software1
NVD
NVD
added 2017/04/05 8:59 p.m.26 views

CVE-2017-0888

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...

4.3CVSS4.5AI score0.01537EPSS
Exploits0References3
Prion
Prion
added 2017/04/05 8:59 p.m.19 views

Spoofing

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...

4.3CVSS4.6AI score0.01537EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder