35 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-25020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path ...
Short URL < 1.6.5 - Admin+ Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. In the plugin settings, add the POC alert1 to the...
CVE-2022-38248
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
CVE-2022-38248
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
CVE-2022-38254
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...
CVE-2022-38248
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
Cross site scripting
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
CVE-2022-38248
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting XSS vulnerabilities at auditlog.php...
CVE-2022-38254
Nagios XI before v5.8.7 contains an XSS vulnerability in the ajax.php script within CCM 3.1.5. The issue allows injection of malicious scripts if a user visits or interacts with affected pages. Affected product: Nagios XI; affected component: ajax.php in CCM 3.1.5; root cause: cross‑site scriptin...
CVE-2022-38254
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25020
A cross-site scripting XSS vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
Cross site scripting
A cross-site scripting XSS vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...
Design/Logic Flaw
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25020
A cross-site scripting XSS vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...
CVE-2022-25020
A cross-site scripting XSS vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post...
CVE-2022-25020
CVE-2022-25020 affects PluXML v5.8.7: an XSS vulnerability allows arbitrary web scripts/HTML via a crafted payload in the thumbnail path of a blog post. Affected component: thumbnail handling in PluXML; underlying cause per description is improper handling of input in the thumbnail path. Impact s...
CVE-2022-25020
Removed by vendor...