Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-33950

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00821EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1025

Malicious code in bioql PyPI...

7.4CVSS6.6AI score0.01008EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/13 5:33 p.m.7 views

CVE-2025-49585 XWiki does not require right warnings for XClass definitions

XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script,...

8.6CVSS6.5AI score0.0036EPSS
Exploits1References3
OSV
OSV
added 2025/04/29 2:5 p.m.8 views

GHSA-MVGM-3RW2-7J4R org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

Impact When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...

9CVSS7AI score0.00298EPSS
Exploits0References5
NVD
NVD
added 2015/08/14 6:59 p.m.22 views

CVE-2015-5475

Multiple cross-site scripting XSS vulnerabilities in Request Tracker RT 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the 1 user and 2 group rights management pages...

4.3CVSS5.6AI score0.02075EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2015/08/14 6:59 p.m.26 views

CVE-2015-5475

Multiple cross-site scripting XSS vulnerabilities in Request Tracker RT 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the 1 user and 2 group rights management pages...

4.3CVSS7.3AI score0.02075EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2014/08/26 12:0 a.m.26 views

ntopng 1.2.0 - Cross-Site Scripting Injection

ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...

7.4AI score
Exploits0
Rows per page
Query Builder