27433 matches found

Github Security Blog
added 2022/05/17 4:41 a.m. | 15 views

Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...

CVSS 3.5 | AI score 5.5 | EPSS 0.03476
Exploits: 1 | References: 10 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:35 a.m. | 22 views

Fat Free CRM subject to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action...

CVSS 4.3 | AI score 5.6 | EPSS 0.01925
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2022/05/17 4:32 a.m. | 20 views

GHSA-HR59-35CR-QF43 Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in safehtml.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.1 | EPSS 0.00967
Exploits: 0 | References: 7
Github Security Blog
added 2022/05/17 4:32 a.m. | 16 views

Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in safehtml.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.7 | EPSS 0.00967
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/05/17 4:32 a.m. | 19 views

GHSA-Q46G-V7R4-9VHR Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.5 | EPSS 0.01187
Exploits: 0 | References: 7
Github Security Blog
added 2022/05/17 4:32 a.m. | 22 views

Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

CVSS 4.3 | AI score 6 | EPSS 0.01187
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:32 a.m. | 26 views

Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01187
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:32 a.m. | 22 views

Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in widgettraversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01187
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/05/17 4:19 a.m. | 15 views

GHSA-5P69-RMX8-7GW7 phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an...

CVSS 3.5 | AI score 5.1 | EPSS 0.01449
Exploits: 0 | References: 7
Github Security Blog
added 2022/05/17 4:19 a.m. | 20 views

phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1)...

CVSS 3.5 | AI score 5.6 | EPSS 0.01449
Exploits: 0 | References: 6 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:19 a.m. | 23 views

phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an...

CVSS 3.5 | AI score 5.6 | EPSS 0.01449
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:17 a.m. | 25 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...

CVSS 4.3 | AI score 5.6 | EPSS 0.04702
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:17 a.m. | 17 views

ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect

Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.01892
Exploits: 1 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/05/17 4:8 a.m. | 3 views

The Preview plugin in CKEditor allows Cross-site scripting (XSS)

Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01834
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/17 4:4 a.m. | 24 views

GHSA-66VJ-393F-HXFV OpenStack Swift Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3 | AI score 5.3 | EPSS 0.02083
Exploits: 0 | References: 11
Github Security Blog
added 2022/05/17 4:4 a.m. | 26 views

OpenStack Swift Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3 | AI score 5.5 | EPSS 0.02083
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2022/05/17 4:2 a.m. | 22 views

GHSA-9GQJ-PPV2-F2HQ Cross-site Scripting in SmartyException

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception...

CVSS 4.3 | AI score 5.3 | EPSS 0.02462
Exploits: 0 | References: 8
Github Security Blog
added 2022/05/17 4:2 a.m. | 32 views

Cross-site Scripting in SmartyException

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception...

CVSS 4.3 | AI score 5.9 | EPSS 0.02462
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2022/05/17 3:59 a.m. | 6 views

GHSA-XX7M-8RQ2-CW2V TYPO3 CMS indexed search Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexedsearch) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.4 | AI score 5.3 | EPSS 0.00795
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/17 3:59 a.m. | 23 views

TYPO3 CMS indexed search Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexedsearch) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.4 | AI score 5.3 | EPSS 0.00795
Exploits: 0 | References: 5 | Affected Software: 1