27433 matches found

Github Security Blog
added 2022/05/24 7:2 p.m., 14 views

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via Categories Admin Page

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name...

CVSS 6.1 | AI score 5.7 | EPSS 0.00754
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 5:46 p.m., 12 views

GHSA-XHC3-5PGF-P576 subrion CMS Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...

CVSS 6.1 | AI score 6 | EPSS 0.01009
Exploits: 1 | References: 4

Github Security Blog
added 2022/05/24 5:46 p.m., 17 views

subrion CMS Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...

CVSS 6.1 | AI score 6.3 | EPSS 0.01009
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 5:45 p.m., 10 views

GHSA-33JJ-92PX-M4G7 Craft CMS Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31 allows remote attackers to inject arbitrary web script or HTML via /admin/settings/sites/new...

CVSS 5.4 | AI score 5.2 | EPSS 0.00848
Exploits: 1 | References: 3

Github Security Blog
added 2022/05/24 5:45 p.m., 17 views

Craft CMS Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31 allows remote attackers to inject arbitrary web script or HTML via /admin/settings/sites/new...

CVSS 5.4 | AI score 6.1 | EPSS 0.00848
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 5:39 p.m., 19 views

GHSA-WMH7-782F-XFW5 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

CVSS 4.8 | AI score 4.9 | EPSS 0.00616
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/24 5:39 p.m., 19 views

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

CVSS 5.4 | AI score 5.5 | EPSS 0.00607
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/24 5:34 p.m., 20 views

GHSA-4M44-5J2G-XF64 Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

CVSS 6.1 | AI score 6.2 | EPSS 0.02018
Exploits: 0 | References: 8

Github Security Blog
added 2022/05/24 5:34 p.m., 60 views

Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

CVSS 6.1 | AI score 6.3 | EPSS 0.02018
Exploits: 0 | References: 8 | Affected Software: 1

Github Security Blog
added 2022/05/24 5:27 p.m., 18 views

xxl-job Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2) AddressList parameter in JobGroupController.java file...

CVSS 6.1 | AI score 6 | EPSS 0.01188
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2022/05/24 5:26 p.m., 16 views

GHSA-8R2W-PHX4-MGPV Dolibarr stored Cross-Site Scripting (XSS) vulnerability

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

CVSS 5.4 | AI score 5.2 | EPSS 0.00832
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/24 5:26 p.m., 17 views

Dolibarr stored Cross-Site Scripting (XSS) vulnerability

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

CVSS 5.4 | AI score 5.5 | EPSS 0.00832
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/24 5:24 p.m., 11 views

GHSA-X9Q4-5F3C-CW62 MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name...

CVSS 6.1 | AI score 5.9 | EPSS 0.01161
Exploits: 0 | References: 6

OSV
added 2022/05/24 5:24 p.m., 16 views

GHSA-79XR-V794-WQ35 MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters through which installed packages names and versions are reported...

CVSS 6.1 | AI score 5.9 | EPSS 0.01161
Exploits: 0 | References: 7

Github Security Blog
added 2022/05/24 5:24 p.m., 13 views

MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment

A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...

CVSS 5.4 | AI score 5.8 | EPSS 0.00936
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2022/05/24 5:24 p.m., 14 views

MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name...

CVSS 6.1 | AI score 5.7 | EPSS 0.01161
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/05/24 5:21 p.m., 7 views

GHSA-M396-2X3H-V3V4 Dolibarr reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.4 and below allows remote attackers to inject arbitrary web script or HTML into public/notice.php related to transphrase and transkey...

CVSS 6.1 | AI score 5.9 | EPSS 0.0081
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/24 5:7 p.m., 13 views

Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the (2) nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3)...

CVSS 6.1 | AI score 6.1 | EPSS 0.0147
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 5:7 p.m., 6 views

GHSA-4HF3-229W-6H8R Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the (2) nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3)...

CVSS 6.1 | AI score 6.1 | EPSS 0.0147
Exploits: 1 | References: 4

Github Security Blog
added 2022/05/24 4:51 p.m., 30 views

SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.01242
Exploits: 1 | References: 4 | Affected Software: 1