
27433 matches found

GitHub Security Blog
added 2023/04/24 9:30 a.m., 40 views

Cross-site Scripting in Backdrop CMS

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS, 4.8 AI score, 0.00536 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2023/04/24 8:15 a.m., 22 views

CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS, 5 AI score, 0.00536 EPSS
Exploits: 1, References: 2

Prion
added 2023/04/24 8:15 a.m., 26 views

Cross site scripting

DISPUTED: A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload i...

4.3 CVSS, 4.8 AI score, 0.00536 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2023/04/24 12:0 a.m., 9 views

AeroCMS Cross-Site Scripting Vulnerability (CNVD-2023-32025)

AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a cross-site scripting vulnerability that stems from the commentauthor and commentcontent parameters of /post.php failing to properly validate user input. An attacker can exploit this...

5.4 CVSS, 6.2 AI score, 0.00384 EPSS
Exploits: 1, References: 1

Cvelist
added 2023/04/24 12:0 a.m., 28 views

CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

5.1 AI score, 0.00536 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/04/24 12:0 a.m., 20 views

CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

5.4 AI score, 0.00536 EPSS
Exploits: 1, References: 2

CNVD
added 2023/04/23 12:0 a.m., 11 views

Checkmk Cross-Site Scripting Vulnerability (CNVD-2023-32769)

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...

6.1 CVSS, 6.2 AI score, 0.00402 EPSS
Exploits: 0, References: 1

CNVD
added 2023/04/20 12:0 a.m., 25 views

chatwoot Cross-Site Scripting Vulnerability (CNVD-2023-29696)

chatwoot is an application. Customer Engagement Suite, an open source alternative to intercom, Zendesk, Salesforce Service Cloud, etc. A cross-site scripting vulnerability exists in chatwoot versions prior to 2.14.0. The vulnerability stems from the application's lack of effective filtering and...

5.9 AI score, 0.00366 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2023/04/18 12:0 a.m., 18 views

Campcodes Advanced Online Voting System Cross-Site Scripting Vulnerability

Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...

6 AI score, 0.00604 EPSS
Exploits: 1, Affected Software: 1

CNVD
added 2023/04/18 12:0 a.m., 15 views

Campcodes Online Traffic Offense Management System Cross-Site Scripting Vulnerability (CNVD-2023-29408)

Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A cross-site scripting vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied...

6 AI score, 0.00644 EPSS
Exploits: 1, Affected Software: 1

CNNVD
added 2023/04/17 12:0 a.m., 5 views

chatwoot Cross-Site Scripting Vulnerability

chatwoot is an application. Customer Engagement Suite, an open source alternative to intercom, Zendesk, Salesforce Service Cloud, etc. A cross-site scripting vulnerability exists in chatwoot versions prior to 2.14.0. The vulnerability stems from the application's lack of effective filtering and...

6.1 CVSS, 6.1 AI score, 0.00366 EPSS
Exploits: 0, References: 3

CNVD
added 2023/04/16 12:0 a.m., 17 views

Online Computer and Laptop Store Cross-Site Scripting Vulnerability (CNVD-2023-29382)

Online Computer and Laptop Store is an online computer and laptop store from individual developer Carlo Montero. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Brand...

5.2 AI score, 0.00646 EPSS
Exploits: 1, Affected Software: 1

CNNVD
added 2023/04/14 12:0 a.m., 3 views

Campcodes Advanced Online Voting System Cross-Site Scripting Vulnerability

Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...

6.1 CVSS, 6.2 AI score, 0.00604 EPSS
Exploits: 1, References: 4

Prion
added 2023/04/11 3:15 p.m., 12 views

Cross site scripting

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...

5.8 CVSS, 6.2 AI score, 0.00669 EPSS
Exploits: 1, References: 3, Affected Software: 1

CNVD
added 2023/04/11 12:0 a.m., 17 views

IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability (CNVD-2024-01175)

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from International Business Machines (IBM). The platform provides a set of design-time and run-time components for building and running its enterprise-class applications, respectively, and...

5.4 CVSS, 6.5 AI score, 0.00371 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/04/11 12:0 a.m., 12 views

CVE-2023-23277

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...

6.3 AI score, 0.00669 EPSS
Exploits: 1, References: 3

Prion
added 2023/04/10 1:15 p.m., 14 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...

4.9 CVSS, 5.3 AI score, 0.00601 EPSS
Exploits: 1, References: 2, Affected Software: 1

Packet Storm
added 2023/04/03 12:0 a.m., 248 views

SQL Monitor 12.1.31.893 Cross Site Scripting

Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) Date: 12/21/2022 02:07:23 AM UTC Exploit Author: [email protected] Vendor Homepage: https://www.red-gate.com/ Software Link: https://www.red-gate.com/products/dba/sql-monitor/ Version: SQL Monitor 12.1.31.893 Tested on: Window...

6.4 AI score, 0.02229 EPSS
Exploits: 4

CNVD
added 2023/03/31 12:0 a.m., 28 views

Apache Archiva Cross-Site Scripting Vulnerability (CNVD-2023-23556)

Apache Archiva is a suite of software from the Apache Foundation for managing one or more remote stores. A cross-site scripting vulnerability exists in versions of Apache Archiva prior to 2.0 to 2.2.10. The vulnerability creates directory names that lack effective filtering and escaping of...

6.5 CVSS, 5.4 AI score, 0.01162 EPSS
Exploits: 0, References: 1

NVD
added 2023/03/28 3:15 p.m., 20 views

CVE-2023-27008

A Cross-site scripting (XSS) vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1 CVSS, 6 AI score, 0.01499 EPSS
Exploits: 1, References: 1