Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2023/08/07 5:49 a.m.52 views

CVE-2023-3978

A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...

6.1CVSS6.4AI score0.00843EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.84 views

IBM Cognos Analytics Multiple Vulnerabilities (7012621)

The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP2. It is, therefore, affected by multiple vulnerabilities, including the following: - netplex json-smart-v2 is vulnerable to a denial of service, caused by not limitin...

7.5CVSS7AI score0.14663EPSS
Exploits3References5
Prion
Prion
added 2023/07/24 2:15 p.m.16 views

Hardcoded credentials

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

4.9CVSS5.5AI score0.00389EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/03/25 7:15 p.m.18 views

Code injection

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

3.5CVSS5.5AI score0.00737EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/03/05 6:45 p.m.33 views

CVE-2020-4082

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...

5.6AI score0.0066EPSS
Exploits1References1
Atlassian
Atlassian
added 2012/05/13 12:43 p.m.27 views

persistent xss through svg file attachment download

The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that is possible for a malicious party to upload a svg file containing html/javascript which will be rendered in victim's web browser. This bug should have been raised a while ag...

1.4AI score
Exploits0Affected Software1
Rows per page
Query Builder