Lucene search

27433 matches found

SUSE CVE
added 2023/02/15 5:12 a.m. · 2 views

SUSE CVE-2015-8393

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client...

CVSS 7.5 · AI score 8.9 · EPSS 0.04371
Exploits: 0 · References: 24

SUSE CVE
added 2023/02/15 4:34 a.m. · 2 views

SUSE CVE-2018-0618

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.4 · AI score 8 · EPSS 0.02048
Exploits: 0 · References: 6

CVE
added 2023/02/10 12:0 a.m. · 45 views

CVE-2023-24234

CVE-2023-24234 affects Inventory Management System v1, specifically the php-inventory-management-system/brand.php component. The vulnerability is a stored XSS that allows an attacker to inject arbitrary web scripts or HTML via the Brand Name parameter. Reported impact is execution of scripts with...

CVSS 4.8 · AI score 4.9 · EPSS 0.0048
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/01/25 12:0 a.m. · 47 views

CVE-2022-46624

CVE-2022-46624 affects Online Graduate Tracer System v1.0.0 and is described as a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web scripts or HTML through a crafted payload injected into the name parameter. Connected sources corroborate that the affected v...

CVSS 6.1 · AI score 5.8 · EPSS 0.00488
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/01/19 7:15 p.m. · 22 views

CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

CVSS 5.4 · AI score 5.1 · EPSS 0.60115
Exploits: 0 · References: 2

OSV
added 2023/01/19 7:15 p.m. · 22 views

CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

CVSS 5.4 · AI score 5
Exploits: 0 · References: 2

OSV
added 2023/01/19 7:15 p.m. · 13 views

CVE-2022-46888

Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 2

NVD
added 2023/01/19 7:15 p.m. · 15 views

CVE-2022-46888

Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...

CVSS 6.1 · AI score 6.1 · EPSS 0.01543
Exploits: 1 · References: 2

Cvelist
added 2023/01/19 12:0 a.m. · 27 views

CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

AI score 5.2 · EPSS 0.60115
Exploits: 0 · References: 2

EUVD
added 2023/01/19 12:0 a.m. · 3 views

EUVD-2022-49668

Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...

CVSS 6.1 · AI score 6.1 · EPSS 0.01543
Exploits: 1 · References: 2

CVE
added 2023/01/19 12:0 a.m. · 49 views

CVE-2022-46889

CVE-2022-46889 affects NexusPHP prior to 1.7.33, with a persistent XSS in the title parameter of /subtitles.php exploited by remote authenticated attackers to inject arbitrary script/HTML. The issue is mitigated by upgrading to version 1.7.33 or later (see PT-2023-15096). Exploitation status is n...

CVSS 5.4 · AI score 5 · EPSS 0.60115
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/01/19 12:0 a.m. · 6 views

CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

AI score 5.2 · EPSS 0.60115
Exploits: 0 · References: 2

CVE
added 2023/01/19 12:0 a.m. · 53 views

CVE-2022-46888

CVE-2022-46888 concerns NexusPHP versions before 1.7.33 with multiple reflected XSS vulnerabilities. An attacker can inject arbitrary script/HTML via parameters in several endpoints: /login.php (secret), /user-ban-log.php (q), /log.php (query), /moresmiles.php (text), /myhr.php (q), and /viewrequ...

CVSS 6.1 · AI score 6 · EPSS 0.01543
Exploits: 1 · References: 2 · Affected Software: 1

NVD
added 2023/01/16 4:15 p.m. · 34 views

CVE-2022-3904

The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics...

CVSS 6.1 · AI score 6.3 · EPSS 0.01339
Exploits: 3 · References: 1

Cvelist
added 2023/01/12 12:0 a.m. · 25 views

CVE-2022-42704

A cross-site scripting XSS vulnerability in Employee Service Center esc and Service Portal sp in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...

AI score 5.5 · EPSS 0.00439
Exploits: 0 · References: 1

Vulnrichment
added 2023/01/12 12:0 a.m. · 12 views

CVE-2022-46622

A cross-site scripting XSS vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter...

AI score 5.9 · EPSS 0.00497
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/08 12:0 a.m. · 5 views

PT-2023-15895 · Unknown · Capsadmin Pac3

Name of the Vulnerable Software and Affected Versions: CapsAdmin PAC3 (affected versions not specified). Description: A problematic issue was found in CapsAdmin PAC3, affecting some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the url argument leads to...

CVSS 5.4 · AI score 4.8 · EPSS 0.00566
Exploits: 0 · References: 10

Vulnrichment
added 2022/12/22 12:0 a.m. · 6 views

CVE-2021-43657

A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...

AI score 5.4 · EPSS 0.00716
Exploits: 1 · References: 1

CVE
added 2022/12/15 12:0 a.m. · 52 views

CVE-2022-45033

CVE-2022-45033 refers to an XSS vulnerability in Expense Tracker 1.0 that enables an attacker to inject and execute arbitrary web scripts or HTML via the Chat text field. The root cause is improper input sanitization in the Chat field, enabling script execution in the victim’s browser. Affected s...

CVSS 5.4 · AI score 5.3 · EPSS 0.00465
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/12/14 1:15 a.m. · 26 views

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVSS 4.9 · AI score 5.4 · EPSS 0.0048
Exploits: 0 · References: 1