27433 matches found

OSV
added 2022/05/17 1:29 a.m. | 21 views

GHSA-R8M7-792J-5JVQ TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

CVSS 3 | AI score 5.1 | EPSS 0.01094
Exploits 0 | References 9
Github Security Blog
added 2022/05/17 1:29 a.m. | 20 views

TYPO3 Flow Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...

CVSS 4.3 | AI score 6 | EPSS 0.01187
Exploits 0 | References 9 | Affected Software 2
OSV
added 2022/05/17 1:29 a.m. | 27 views

GHSA-5CMC-R23M-HVRR TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.5 | EPSS 0.01187
Exploits 0 | References 7
Github Security Blog
added 2022/05/17 1:26 a.m. | 29 views

Jenkins cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...

CVSS 3.5 | AI score 5.6 | EPSS 0.01412
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/17 1:5 a.m. | 18 views

GHSA-H3VG-4X76-V28W Dolibarr ERP and CRM contain XSS Vulnerability

Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...

CVSS 5.4 | AI score 5.2 | EPSS 0.00722
Exploits 0 | References 2
Github Security Blog
added 2022/05/17 1:5 a.m. | 19 views

Dolibarr ERP and CRM contain XSS Vulnerability

Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...

CVSS 5.4 | AI score 5.7 | EPSS 0.00722
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2022/05/17 12:47 a.m. | 21 views

NodeBB Cross-site Scripting Vulnerability in Markdown Processing

Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs...

CVSS 6.1 | AI score 6 | EPSS 0.01265
Exploits 0 | References 7 | Affected Software 2
Github Security Blog
added 2022/05/17 12:30 a.m. | 23 views

Umbraco CMS vulnerable to stored XSS

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...

CVSS 5.4 | AI score 6 | EPSS 0.00845
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/17 12:30 a.m. | 14 views

GHSA-XJ94-RGF9-CQ37 Umbraco CMS vulnerable to stored XSS

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...

CVSS 5.4 | AI score 5.3 | EPSS 0.00845
Exploits 0 | References 4
OSV
added 2022/05/17 12:22 a.m. | 4 views

GHSA-X4X9-4C65-73W8 Concrete5 Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.3 | AI score 5.8 | EPSS 0.0143
Exploits 0 | References 5
Github Security Blog
added 2022/05/17 12:22 a.m. | 16 views

Concrete5 Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.0143
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/05/17 12:17 a.m. | 19 views

GHSA-R68M-4V39-CF43 TeamPass stored cross-site scripting (XSS) vulnerability

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

CVSS 5.4 | AI score 5.5 | EPSS 0.00955
Exploits 1 | References 4
Github Security Blog
added 2022/05/17 12:17 a.m. | 18 views

TeamPass stored cross-site scripting (XSS) vulnerability

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

CVSS 5.4 | AI score 5 | EPSS 0.00955
Exploits 1 | References 4 | Affected Software 1
GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 12 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01808
Exploits 0 | References 8 | Affected Software 1
GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 22 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

CVSS 4.3 | AI score 5.9 | EPSS 0.0288
Exploits 2 | References 10 | Affected Software 1
GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 13 views

Cherry Music Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist...

CVSS 5.4 | AI score 5.3 | EPSS 0.00847
Exploits 0 | References 7 | Affected Software 1
GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 18 views

Djblets Cross-site scripting Vulnerability

A cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...

CVSS 4.3 | AI score 5.2 | EPSS 0.02083
Exploits 1 | References 9 | Affected Software 1
CNVD
added 2022/05/16 12:0 a.m. | 15 views

Xtend Cross-Site Scripting Vulnerability

Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...

CVSS 4.3 | AI score 2.3 | EPSS 0.0053
Exploits 0 | Affected Software 1
OSV
added 2022/05/14 3:51 a.m. | 12 views

GHSA-V3FG-X8JW-M974 Fork CMS XSS via Highlight Parameter

Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

CVSS 4.3 | AI score 5.6 | EPSS 0.01226
Exploits 1 | References 6
OSV
added 2022/05/14 3:40 a.m. | 18 views

GHSA-GQMJ-F46X-WQHW phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature

Cross-site scripting (XSS) vulnerability in dbcentralcolumns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

CVSS 5.4 | AI score 5.1 | EPSS 0.01618
Exploits 1 | References 6