27433 matches found

Github Security Blog
added 2022/05/24 4:51 p.m. | 30 views

SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.01242
Exploits: 1 | References: 4 | Affected Software: 1

Check Point Advisories
added 2022/05/23 12:0 a.m. | 8 views

Zimbra Collaboration Suite Cross Site Scripting (CVE-2018-6882)

A cross-site scripting vulnerability exists in Zimbra Collaboration Suite. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVSS 4.3 | AI score 5 | EPSS 0.23717
Exploits: 2

RedhatCVE
added 2022/05/20 11:39 p.m. | 22 views

CVE-2008-3823

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message...

CVSS 4.3 | AI score 5.7 | EPSS 0.02979
Exploits: 2 | References: 3

CNVD
added 2022/05/19 12:0 a.m. | 20 views

IPPlan Cross-Site Scripting Vulnerability

IPPlan is a web-based multilingual TCP IP address management (IPAM) software and tracking tool that simplifies the management of the IP address space. IPPlan version 4.92b is vulnerable to a cross-site scripting vulnerability, which stems from a cross-site scripting (XSS) vulnerability found in...

CVSS 3.5 | AI score 1.4 | EPSS 0.00698
Exploits: 1

OSV
added 2022/05/17 7:57 p.m. | 34 views

GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS 9.8 | AI score 9 | EPSS 0.06057
Exploits: 0 | References: 13

Github Security Blog
added 2022/05/17 7:57 p.m. | 25 views

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS 9.8 | AI score 9 | EPSS 0.06057
Exploits: 0 | References: 14 | Affected Software: 3

Cvelist
added 2022/05/17 10:47 a.m. | 16 views

CVE-2021-42943

Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter...

AI score 5.5 | EPSS 0.00698
Exploits: 1 | References: 1

Github Security Blog
added 2022/05/17 5:52 a.m. | 22 views

Apache Struts is vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...

CVSS 4.3 | AI score 6 | EPSS 0.05614
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2022/05/17 5:50 a.m. | 18 views

GHSA-QJ7X-WM9Q-QJX8 Plone Cross-site Scripting vulnerability in PortalTransforms

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.5 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...

CVSS 6.1 | AI score 5.3 | EPSS 0.01227
Exploits: 0 | References: 6

Github Security Blog
added 2022/05/17 5:50 a.m. | 21 views

Plone Cross-site Scripting vulnerability in PortalTransforms

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.5 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...

CVSS 4.3 | AI score 6 | EPSS 0.01227
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/05/17 5:49 a.m. | 19 views

GHSA-6RM6-MJMH-86JQ HTML Purifier Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.3 | EPSS 0.02008
Exploits: 0 | References: 11

Github Security Blog
added 2022/05/17 5:49 a.m. | 16 views

HTML Purifier Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.3 | EPSS 0.02008
Exploits: 0 | References: 11 | Affected Software: 1

Github Security Blog
added 2022/05/17 5:49 a.m. | 24 views

MoinMoin Cross-site Scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5)...

CVSS 4.3 | AI score 6 | EPSS 0.02657
Exploits: 1 | References: 19 | Affected Software: 1

Github Security Blog
added 2022/05/17 5:49 a.m. | 26 views

MoinMoin cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to...

CVSS 4.3 | AI score 6.2 | EPSS 0.0253
Exploits: 0 | References: 15 | Affected Software: 1

Github Security Blog
added 2022/05/17 5:49 a.m. | 23 views

MoinMoin cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/languagesetup.py, a similar issue to CVE-2010-2487...

CVSS 4.3 | AI score 6.2 | EPSS 0.0253
Exploits: 0 | References: 15 | Affected Software: 1

OSV
added 2022/05/17 5:48 a.m. | 23 views

GHSA-PJMX-4GC6-HWV8 Drupal cross-site scripting vulnerability via actions feature and trigger module

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...

CVSS 2.1 | AI score 6 | EPSS 0.01398
Exploits: 0 | References: 8

Github Security Blog
added 2022/05/17 5:48 a.m. | 24 views

Drupal cross-site scripting vulnerability via actions feature and trigger module

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...

CVSS 2.1 | AI score 5.7 | EPSS 0.01398
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2022/05/17 5:45 a.m. | 12 views

GHSA-7GFC-2V6G-6W9F Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code

Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2)...

CVSS 6.1 | AI score 5.3 | EPSS 0.02288
Exploits: 0 | References: 13

Github Security Blog
added 2022/05/17 5:40 a.m. | 20 views

Plone XSS Vulnerability

Cross-site scripting (XSS) vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...

CVSS 4.3 | AI score 5.9 | EPSS 0.01143
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2022/05/17 5:40 a.m. | 12 views

GHSA-CVWC-G7FW-7XRJ Plone XSS Vulnerability

Cross-site scripting (XSS) vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...

CVSS 4.3 | AI score 5.5 | EPSS 0.01143
Exploits: 1 | References: 5