Lucene search
K

8183 matches found

UbuntuCve
UbuntuCve
added 2020/09/14 8:15 p.m.15 views

CVE-2020-13311

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...

4.3CVSS5.9AI score0.01498EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/09/14 7:47 p.m.26 views

CVE-2020-13311

Removed by vendor...

4.3CVSS5.8AI score0.01498EPSS
Exploits0
Cvelist
Cvelist
added 2020/09/14 7:47 p.m.20 views

CVE-2020-13311

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...

4.3CVSS4.5AI score0.01498EPSS
Exploits0References3
CVE
CVE
added 2020/09/14 7:47 p.m.84 views

CVE-2020-13311

CVE-2020-13311 affects GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4, where the Wiki parser can be attacked, preventing access to Wiki functionality via the UI. The issue is defined as a Wiki parser attack that blocks UI access, with reported CVSS metrics (v2: 4.0 MEDIUM; v3.1: 4.3 MEDIUM)...

4.3CVSS4.4AI score0.01498EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/09/14 12:0 a.m.3 views

IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability

IBM Engineering Requirements Management DOORS Next is a scalable solution that helps optimize communication and collaboration among teams and project stakeholders to maximize productivity and quality. A cross-site scripting vulnerability exists in the IBM Engineering Requirements Management DOORS...

5.4CVSS6.1AI score0.00561EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/14 12:0 a.m.2 views

IBM Jazz Team Server Web UI Cross-Site Scripting Vulnerability

IBM Jazz is a next-generation collaboration platform for software delivery technology from IBM Rational. A cross-site scripting vulnerability exists in the IBM Jazz Team Server Web UI, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain...

5.4CVSS6.1AI score0.00561EPSS
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2020/09/13 12:0 a.m.90 views

GNOME Shell: Information disclosure

Background GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. Description It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Impact Please review the referenced CVE identifiers for...

4.3CVSS1.2AI score0.00553EPSS
Exploits1
OSV
OSV
added 2020/09/10 5:15 p.m.2 views

CVE-2020-4578

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS6AI score0.00708EPSS
Exploits0References2
OSV
OSV
added 2020/09/10 5:15 p.m.13 views

CVE-2020-24582

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...

6.1CVSS6AI score
Exploits0References1
Prion
Prion
added 2020/09/10 5:15 p.m.13 views

Cross site scripting

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...

4.3CVSS6AI score0.00685EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/10 4:11 p.m.41 views

CVE-2020-24582

Zulip Desktop prior to version 5.4.3 is affected by a cross-site scripting (XSS) vulnerability. The issue arises from mishandled string escaping during the construction of the HTML for the user interface, enabling injection of malicious content in the desktop client. The CVE entry covers this as ...

6.1CVSS5.9AI score0.00685EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/10 4:11 p.m.14 views

CVE-2020-24582

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...

6.1AI score0.00685EPSS
Exploits0References1
OSV
OSV
added 2020/09/09 1:15 p.m.3 views

CVE-2020-6326

SAP NetWeaver Knowledge Management, version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting...

5.4CVSS6.5AI score0.00648EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2020/09/08 12:0 a.m.46 views

KLA11953 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A cross-site-scripting XSS vulnerability Microsoft Dynamics 365 On-Premise can be...

8.8CVSS7.6AI score0.0335EPSS
Exploits0References14
CNVD
CNVD
added 2020/09/08 12:0 a.m.3 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2020-50801)

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server version 11.7, which can be...

6.4CVSS6AI score0.00561EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/07 12:0 a.m.1 views

IBM Engineering Test Management Cross-Site Scripting Vulnerability

IBM Engineering Test Management is a collaborative, Web-based quality management solution that provides end-to-end test planning and test asset management. A cross-site scripting vulnerability exists in IBM Engineering Test Management version 7.0.0. An attacker can exploit this vulnerability to...

5.4CVSS6.3AI score0.00561EPSS
Exploits0References1
OSV
OSV
added 2020/09/04 2:15 p.m.4 views

CVE-2020-4702

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS5.5AI score0.00561EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/09/04 12:0 a.m.43 views

Cisco Jabber for Windows Protocol Handler Command Injection (cisco-sa-jabber-vY8M4KGB)

According to its self-reported version, Cisco Jabber for Windows is affected by a Windows Protocol Handler Command Injection vulnerability. The vulnerability exists in the web-based user interface due to improper handling of input to the application protocol handlers. An unathenticated, remote...

9.3CVSS8.6AI score0.03902EPSS
Exploits0References3
OSV
OSV
added 2020/09/02 7:15 p.m.2 views

CVE-2020-4546

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314...

5.4CVSS5.7AI score0.00561EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/02 12:0 a.m.2 views

IBM Engineering Requirements Management DOORS Next Generation Cross-Site Scripting Vulnerability

IBM Engineering Requirements Management DOORS Next Generation is a requirements management tool that provides a smarter way to define, track, analyze and manage requirements. A cross-site scripting vulnerability exists in IBM Engineering Requirements Management DOORS Next Generation version 7.0,...

5.4CVSS6.3AI score0.00561EPSS
Exploits0References1
Rows per page
Query Builder