27433 matches found

CNVD
added 2022/10/09 12:0 a.m. · 15 views

Canon Medical Vitrea View Cross-Site Scripting Vulnerability

Canon Medical Vitrea View is a DICOM network-enabled enterprise viewing solution from Canon, Japan. A cross-site scripting vulnerability exists in Canon Medical Vitrea View, which is used to visually display DICOM and multimedia images. An attacker could use this vulnerability to execute arbitrar...

6.1 CVSS · 1.8 AI score · 0.00923 EPSS
Exploits 1 · References 1
NVD
added 2022/10/06 6:16 p.m. · 12 views

CVE-2022-39988

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the ServiceTemplates servicealias parameter...

5.4 CVSS · 0.00616 EPSS
Exploits 3 · References 1
CVE
added 2022/10/03 3:31 p.m. · 87 views

CVE-2022-42247

pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component, allowing arbitrary web scripts or HTML to be executed via a crafted payload injected into a file name. The issue is documented in several sources (e.g., NVD, Red Hat, OSV, CVE lists). Connected docume...

6.1 CVSS · 5.9 AI score · 0.02454 EPSS
Exploits 1 · References 2 · Affected Software 1
Prion
added 2022/09/30 2:15 p.m. · 21 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to a...

5.8 CVSS · 6 AI score · 0.00923 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2022/09/30 1:26 p.m. · 52 views

CVE-2022-37461

Canon Medical Vitrea View is affected: XSS in Vitrea View 7.x before 7.7.6 can be triggered via the error subdirectory path or by parameters (groupID, offset, limit) in the Administrative Panel, potentially allowing access to patient information. Affected versions are 7.x up to 7.7.5; remediation...

6.1 CVSS · 6 AI score · 0.00923 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/09/22 12:15 a.m. · 22 views

CVE-2022-28978

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

5.4 CVSS · 5.6 AI score · 0.00494 EPSS
Exploits 0 · References 2
Prion
added 2022/09/22 12:15 a.m. · 18 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

4.9 CVSS · 5.3 AI score · 0.00494 EPSS
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2022/09/21 12:0 a.m. · 7 views

PT-2022-25170 · Sourcecodester · Sourcecodester Simple Task Managing System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Task Managing System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter in the newProjectValidation.php component. Thi...

4.8 CVSS · 5.7 AI score · 0.00573 EPSS
Exploits 1 · References 6
Check Point Advisories
added 2022/09/14 12:0 a.m. · 2 views

WordPress KingComposer Plugin Cross-site Scripting (CVE-2020-15299)

A cross-site scripting vulnerability exists in WordPress KingComposer plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.3 CVSS · 4.7 AI score · 0.4696 EPSS
Exploits 1
Prion
added 2022/09/12 4:15 a.m. · 17 views

Cross site scripting

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname"...

4.9 CVSS · 5.4 AI score · 0.00598 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2022/09/12 3:4 a.m. · 55 views

CVE-2022-36254

The connected PT-2022-23273 entry provides concrete details for CVE-2022-36254: tramyardg Hotel Management System 1.0 (index.php) is vulnerable to persistent XSS via the fullname parameter, enabling remote script/HTML injection. Affected component is index.php; root cause is improper handling of ...

5.4 CVSS · 5.4 AI score · 0.00598 EPSS
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2022/09/08 6:15 p.m. · 2 views

CVE-2022-38256

TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 CVSS · 5.9 AI score · 0.0044 EPSS
Exploits 0 · References 2
NVD
added 2022/09/07 10:15 p.m. · 12 views

CVE-2020-19914

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...

6.1 CVSS · 0.00593 EPSS
Exploits 1 · References 1
Prion
added 2022/09/07 10:15 p.m. · 19 views

Cross site scripting

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...

5.8 CVSS · 6.2 AI score · 0.00593 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/09/07 9:14 p.m. · 46 views

CVE-2020-19914

CVE-2020-19914 concerns XiunoBBS 4.0.4 with a Cross Site Scripting (XSS) vulnerability exploitable through the attachment upload function, enabling remote script/HTML execution in the browser. The evidence across sources confirms the affected product and impact as described; exploitation status i...

6.1 CVSS · 6.2 AI score · 0.00593 EPSS
Exploits 1 · References 1 · Affected Software 1
Prion
added 2022/08/08 3:15 p.m. · 13 views

Cross site scripting

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the getproducts?search parameter...

5.8 CVSS · 6 AI score · 0.01422 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/08/08 2:10 p.m. · 80 views

CVE-2022-35493

CVE-2022-35493 affects eShop - Multipurpose Ecommerce Store Website version 3.0.4. Nuclei template and Red Hat/NVD references identify a reflected Cross-Site Scripting (XSS) vulnerability in the json search parse and the json response, exploitable via the get_products?search parameter on wrteam.i...

6.1 CVSS · 6 AI score · 0.01422 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2022/07/27 12:0 a.m. · 5 views

Student Management System Cross-Site Scripting Vulnerability

Student Management System is a simple web-based student management software by Sk.Amir Hamza, an individual developer in Bangladesh. A security vulnerability exists in Student Management System version v1.0, which originates in navbaraction.php and allows attackers to execute arbitrary web scrip...

5.4 CVSS · 6.2 AI score · 0.00492 EPSS
Exploits 1 · References 3
CNNVD
added 2022/07/13 12:0 a.m. · 5 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket, which stems from its component audit/class.audit.php that allows attackers to execute arbitrary web script or HTML via a crafted SVG file...

5.4 CVSS · 6.2 AI score · 0.01232 EPSS
Exploits 0 · References 4
Check Point Advisories
added 2022/07/11 12:0 a.m. · 4 views

Jenkins Credentials Plugin Cross-site Scripting (CVE-2022-29036)

A cross-site scripting vulnerability exists in Jenkins Credentials Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

3.5 CVSS · 4.9 AI score · 0.7855 EPSS
Exploits 0