7 matches found

Veracode
added 2022/07/21 4:9 a.m., 19 views

Cross-site Scripting (XSS)

markdown-it-decorate is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious scripts via user-provided parameters...

7.3 CVSS, 6.1 AI score, 0.00234 EPSS
Exploits 1, References 2, Affected Software 1
Veracode
added 2020/06/29 5:27 a.m., 15 views

Cross-Site Scripting (XSS)

magento/community-edition is vulnerable to cross-site scripting (XSS). Lack of sanitization of user-provided parameters allows an injection of malicious script which will be executed when the vulnerable page is loaded...

5.4 CVSS, 3.8 AI score, 0.00171 EPSS
Exploits 0, References 5, Affected Software 1
Veracode
added 2019/03/27 3:2 a.m., 13 views

Cross-site Scripting (XSS)

com.liferay.knowledge.base.service is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not properly sanitize user-provided parameters such as userId, allowing a remote attacker to inject arbitrary JavaScript into the victim's browser...

6.1 CVSS, 5.9 AI score, 0.00247 EPSS
Exploits 3, References 3, Affected Software 2
Check Point Advisories
added 2018/07/03 12:0 a.m., 2 views

HPE Intelligent Management Center dbman RestoreZipFile Command Injection - Ver2 (CVE-2017-5821)

A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling RestoreZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...

10 CVSS, 9.4 AI score, 0.4452 EPSS
Exploits 0
Check Point Advisories
added 2017/07/09 12:0 a.m., 4 views

HPE Intelligent Management Center dbman BackupZipFile Command Injection (CVE-2017-5820)

A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling BackupZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...

10 CVSS, 9.4 AI score, 0.51056 EPSS
Exploits 0
Check Point Advisories
added 2014/05/04 12:0 a.m., 0 views

Nagios Remote Plugin Executor Command Injection

A command injection vulnerability has been found in Nagios Remote Plugin Executor. The vulnerability is due to insufficient validation of user-provided parameters containing newline characters. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on th...

8.5 AI score
Exploits 0
securityvulns
added 2014/02/03 12:0 a.m., 61 views

Joomla! JomSocial component < 3.1.0.1 - Remote code execution

Joomla! JomSocial component 3.1.0.1 - Remote code execution
== Description ==
- Software link: http://www.jomsocial.com/
- Affected versions: All versions = 2.6 and 3.1.0.1...

0.3 AI score
Exploits 0