Lucene search
K

27433 matches found

NVD
NVD
added 2023/03/28 3:15 p.m.20 views

CVE-2023-27008

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1CVSS6AI score0.01499EPSS
Exploits1References1
Prion
Prion
added 2023/03/28 3:15 p.m.14 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

5.8CVSS6AI score0.01499EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/03/17 1:15 p.m.13 views

Cross site scripting

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

5.8CVSS5.8AI score0.00464EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.39 views

Atlassian Jira < 6.0.5 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities: - A directory traversal in the Importers Plugin which permits remote attackers to create arbitrary files...

4.3CVSS5.6AI score0.02147EPSS
Exploits3References4
NVD
NVD
added 2023/03/01 12:15 a.m.16 views

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...

6.1CVSS6.3AI score0.0068EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/28 12:0 a.m.25 views

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...

6.4AI score0.0068EPSS
Exploits0References2
CVE
CVE
added 2023/02/28 12:0 a.m.61 views

CVE-2022-38220

CVE-2022-38220 affects Quest KACE Systems Management Appliance (SMA) up to and including version 12.1. The vulnerability is an XSS that could allow a remote attacker to inject arbitrary web script or HTML. The common references across sources (NVD/Red Hat/CNNVD/CVE list) corroborate the vulnerabl...

6.1CVSS6.2AI score0.0068EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/22 9:15 p.m.17 views

Cross site scripting

A Reflected Cross-site scripting XSS vulnerability in interface/forms/eyemag/php/eyemagfunctions.php in OpenEMR 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUESTURI...

4.9CVSS5AI score0.00429EPSS
Exploits0References1Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.732 views

K16967: XSS vulnerability in jQuery CVE-2011-4969

Security Advisory Description Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CVE-2011-4969 Impact There is no impact; F5 products are not affected by this...

4.3CVSS6.8AI score0.19191EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.31 views

K31424926: BIG-IP APM XSS vulnerability CVE-2019-6595

Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Access Policy Manager APM 11.5.x and 11.6.x Admin Web UI. CVE-2019-6595 Impact A remote attacker may be able to access the BIG-IP APM logon page and inject arbitrary web script or HTML to launch a cross-site scripti...

6.1CVSS6AI score0.00923EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.144 views

K51110104: XSS vulnerabilities CVE-2010-5312 and CVE-2012-6662

Security Advisory Description CVE-2010-5312 Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. CVE-2012-6662 Cross-site scripting XSS vulnerability in th...

6.1CVSS6.4AI score0.18351EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:31 p.m.39 views

K44164245: XSS vulnerability CVE-2013-2618

Security Advisory Description Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter. CVE-2013-2618 Impact There is no impact; F5 products are not affected by this...

4.3CVSS5.8AI score0.04682EPSS
Exploits6
CNNVD
CNNVD
added 2023/02/17 12:0 a.m.3 views

UJCMS 跨站脚本漏洞

UJCMS is UJCMS open source a Java open source content management system . UJCMS v4.1.3 version of a security vulnerability , the vulnerability stems from the existence of cross-site scripting XSS vulnerability , an attacker can be exploited to exploit the vulnerability will be carefully crafted...

6.1CVSS6.2AI score0.00429EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.3 views

SUSE CVE-2004-1318

Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...

4.3CVSS6.2AI score0.01884EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.2 views

SUSE CVE-2006-5752

Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...

4.3CVSS6AI score0.27783EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.2 views

SUSE CVE-2008-3714

Cross-site scripting XSS vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...

4.3CVSS6.1AI score0.05597EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.6 views

SUSE CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

5.8CVSS7.1AI score0.03027EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.5 views

SUSE CVE-2011-2920

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting XSS vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicio...

5.5CVSS6.1AI score0.02048EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.6 views

SUSE CVE-2012-0471

Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set...

4.3CVSS7.8AI score0.0204EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.9 views

SUSE CVE-2013-1808

Cross-site scripting XSS vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is...

4.3CVSS5.9AI score0.06316EPSS
Exploits4References5
Rows per page
Query Builder