27433 matches found

Github Security Blog
added 2022/06/13 12:0 a.m., 37 views

Cross-site Scripting in SEOmatic plugin

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...

CVSS 6.1, AI score 3.8, EPSS 0.01029
Exploits 0, References 5, Affected Software 1
Check Point Advisories
added 2022/06/13 12:0 a.m., 5 views

WhatsApp Desktop Cross Site Scripting (CVE-2019-18426)

A cross site scripting vulnerability exists in WhatsApp Desktop. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS 5.8, AI score 4.7, EPSS 0.67859
Exploits 5
NVD
added 2022/06/12 12:15 p.m., 28 views

CVE-2021-41750

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...

CVSS 6.1, EPSS 0.01029
Exploits 0, References 3
OSV
added 2022/06/12 12:15 p.m., 17 views

CVE-2021-41750

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...

CVSS 6.1, AI score 6
Exploits 0, References 3
Prion
added 2022/06/12 12:15 p.m., 16 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...

CVSS 4.3, AI score 5.9, EPSS 0.01029
Exploits 0, References 3, Affected Software 1
CVE
added 2022/06/12 11:29 a.m., 79 views

CVE-2021-41750

The CVE-2021-41750 entry corresponds to a cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3. The issue arises from a flaw in the handling of a GET request to /index.php?action=seomatic/file/seo-file-link, where the url parameter (base64-encoded URL) and fileNa...

CVSS 6.1, AI score 5.9, EPSS 0.01029
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/06/12 11:29 a.m., 27 views

CVE-2021-41750

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...

AI score 6.1, EPSS 0.01029
Exploits 0, References 3
CNVD
added 2022/06/09 12:0 a.m., 23 views

Online Market Place Site Cross-Site Scripting Vulnerability

Online Market Place Site is an online marketplace site. v1.0 of Online Market Place Site is vulnerable to a cross-site scripting vulnerability in which the Page parameter in the source/omps/seller lacks a checksum filter for user-supplied data and output data. An attacker could use the...

CVSS 3.5, AI score 1.9, EPSS 0.00476
Exploits 1, Affected Software 1
Check Point Advisories
added 2022/06/07 12:0 a.m., 4 views

QNAP FileStation Cross Site Scripting (CVE-2018-19953)

A cross site scripting vulnerability exists in QNAP FileStation. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS 4.3, AI score 4.9, EPSS 0.23894
Exploits 0
NVD
added 2022/06/02 2:15 p.m., 9 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

CVSS 6.1, EPSS 0.00734
Exploits 0, References 2
CNNVD
added 2022/06/02 12:0 a.m., 20 views

Delta Controls enteliTOUCH Cross-Site Scripting Vulnerability

Delta Controls enteliTOUCH is a touchscreen building controller from Delta Controls Canada. A security vulnerability exists in Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005, which stems from a cross-site scripting vulnerability discovered via the Username parameter. The...

CVSS 6.1, AI score 6.3, EPSS 0.00725
Exploits 2, References 3
Cvelist
added 2022/05/31 8:34 p.m., 16 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

AI score 6.1, EPSS 0.00734
Exploits 0, References 2
CVE
added 2022/05/24 11:44 p.m., 64 views

CVE-2022-29359

CVE-2022-29359 affects School Club Application System v0.1. It describes a stored XSS vulnerability in /scas/?page=clubs/application_form&id=7 (or id=7) where an attacker can inject a crafted payload via the firstname parameter to execute arbitrary web scripts/HTML. The issue is confirmed across ...

CVSS 6.1, AI score 5.8, EPSS 0.01104
Exploits 1, References 2, Affected Software 1
Github Security Blog
added 2022/05/24 7:10 p.m., 9 views

Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...

CVSS 5.4, AI score 5.8, EPSS 0.00678
Exploits 0, References 4, Affected Software 2
OSV
added 2022/05/24 7:10 p.m., 1 views

GHSA-9H7F-5HC8-CJ5F Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...

CVSS 6.1, AI score 5.9, EPSS 0.0075
Exploits 0, References 4
OSV
added 2022/05/24 7:9 p.m., 3 views

GHSA-HGJV-7WJR-QWQP Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module

Cross-site scripting (XSS) vulnerability in the Frontend JS module before version 4.0.18, in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a...

CVSS 6.1, AI score 6, EPSS 0.0098
Exploits 0, References 5
Github Security Blog
added 2022/05/24 7:9 p.m., 9 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.1, AI score 5.8, EPSS 0.00845
Exploits 0, References 4, Affected Software 2
OSV
added 2022/05/24 7:9 p.m., 3 views

GHSA-9995-QVCG-X7G6 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.1, AI score 6.2, EPSS 0.00845
Exploits 0, References 4
OSV
added 2022/05/24 7:6 p.m., 14 views

GHSA-GJF5-J475-P4G6 Stored XSS in LavaLite 5.8.0

A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...

CVSS 5.4, AI score 5.2, EPSS 0.005
Exploits 1, References 2
OSV
added 2022/05/24 7:5 p.m., 21 views

GHSA-G5M5-J48G-FR24 Moodle Cross Site Scripting (XSS)

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

CVSS 5.4, AI score 5.7, EPSS 0.00906
Exploits 1, References 3