Lucene search
K

203 matches found

CVE
CVE
added 2024/04/30 9:33 a.m.60 views

CVE-2024-4337

CVE-2024-4337 affects Adive Framework 2.0.8. The root cause is insufficient encoding of user-controlled inputs, causing a persistent XSS vulnerability via the /adive/admin/nav/add endpoint across multiple parameters. This can enable an attacker to retrieve authenticated user session details. Publ...

7.6CVSS5.6AI score0.00383EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/30 9:33 a.m.12 views

CVE-2024-4337 Múltiple vulnerabilities on Adive Framework

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting XSS vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...

7.6CVSS5.8AI score0.00383EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 1:15 a.m.33 views

CVE-2024-27902

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

6.1CVSS5.3AI score0.00474EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/12 12:45 a.m.21 views

CVE-2024-27902 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

5.4CVSS6AI score0.00474EPSS
Exploits0References2
NVD
NVD
added 2024/02/13 3:15 a.m.24 views

CVE-2024-24742

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker wi...

4.1CVSS4.2AI score0.00329EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/13 2:42 a.m.26 views

CVE-2024-24742 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker wi...

4.1CVSS6.1AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/13 2:42 a.m.35 views

CVE-2024-24742 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker wi...

4.1CVSS4.5AI score0.00329EPSS
Exploits0References2
NVD
NVD
added 2024/02/02 10:15 a.m.21 views

CVE-2024-23895

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerabilit...

8.2CVSS7.2AI score0.00499EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/02 9:18 a.m.21 views

CVE-2024-23895 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerabilit...

8.2CVSS7.2AI score0.00499EPSS
Exploits0References1
NVD
NVD
added 2024/01/26 11:15 a.m.25 views

CVE-2024-23894

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...

8.2CVSS7.2AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2024/01/26 11:15 a.m.25 views

CVE-2024-23896

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allo...

8.2CVSS7.2AI score0.00489EPSS
Exploits0References1
NVD
NVD
added 2024/01/26 11:15 a.m.23 views

CVE-2024-23890

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability...

8.2CVSS7.2AI score0.00398EPSS
Exploits0References1
Prion
Prion
added 2024/01/26 11:15 a.m.24 views

Cross site scripting

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability...

5.8CVSS6AI score0.00398EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/26 11:15 a.m.17 views

Cross site scripting

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this...

5.8CVSS6AI score0.00399EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/26 11:15 a.m.17 views

Cross site scripting

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...

5.8CVSS6AI score0.00437EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/26 11:15 a.m.18 views

Cross site scripting

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this...

5.8CVSS6AI score0.00437EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/26 10:18 a.m.23 views

CVE-2024-23896 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allo...

8.2CVSS7.2AI score0.00489EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/26 10:18 a.m.25 views

CVE-2024-23894 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...

8.2CVSS7.2AI score0.00437EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/26 10:17 a.m.25 views

CVE-2024-23893 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this...

8.2CVSS7.2AI score0.00437EPSS
Exploits0References1
CVE
CVE
added 2024/01/26 10:17 a.m.57 views

CVE-2024-23893

CVE-2024-23893 affects Cups Easy (Purchase & Inventory) v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the costcenterid parameter of /cupseasylive/costcentermodify.php caused by insufficient encoding. An attacker could lure an authenticated user to click a crafted URL, potentiall...

8.2CVSS5.8AI score0.00437EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder