
27433 matches found

OSV
added 2022/05/17 3:59 a.m. | 11 views

GHSA-56F9-5563-M2H7 Typo3 XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.01141
Exploits: 0 | References: 4

Github Security Blog
added 2022/05/17 3:59 a.m. | 18 views

Typo3 XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.01141
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:59 a.m. | 22 views

Dolibarr ERP and CRM contain XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.01386
Exploits: 1 | References: 7 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:59 a.m. | 26 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2)...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.02693
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:58 a.m. | 29 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.03313
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/17 3:57 a.m. | 18 views

GHSA-WV8G-FX9J-Q2JG phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.01617
Exploits: 0 | References: 6

Github Security Blog
added 2022/05/17 3:57 a.m. | 31 views

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.01617
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:57 a.m. | 8 views

Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.04853
Exploits: 1 | References: 6 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:56 a.m. | 9 views

Apache Jetspeed vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.03065
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:56 a.m. | 29 views

Cross-site Scripting in Apache Jetspeed

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to portal...

CVSS: 6.1 | AI score: 4.2 | EPSS: 0.03203
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:53 a.m. | 28 views

Jenkins cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01773
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:53 a.m. | 31 views

Improper Neutralization of Input During Web Page Generation in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.01251
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:53 a.m. | 27 views

Jenkins Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01769
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2022/05/17 3:50 a.m. | 17 views

GHSA-W7RQ-8F2G-JVQR Djiblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting (XSS) vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...

CVSS: 6.1 | AI score: 7.7 | EPSS: 0.02392
Exploits: 1 | References: 10

Github Security Blog
added 2022/05/17 3:50 a.m. | 28 views

Djiblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting (XSS) vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.02392
Exploits: 1 | References: 10 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:49 a.m. | 31 views

Eugene Pankov Ajenti Cross-site scripting Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the responderror function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02282
Exploits: 1 | References: 8 | Affected Software: 1

Github Security Blog
added 2022/05/17 3:47 a.m. | 28 views

Drupal Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.01488
Exploits: 0 | References: 7 | Affected Software: 2

OSV
added 2022/05/17 3:46 a.m. | 29 views

GHSA-RP9P-863F-9C4H Cross-site Scripting in Apache ActiveMQ

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving (2)...

CVSS: 4.3 | AI score: 8.1 | EPSS: 0.06018
Exploits: 1 | References: 9

OSV
added 2022/05/17 3:38 a.m. | 22 views

GHSA-7GHM-FP7P-QVJQ Moodle XSS Vulnerability

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01543
Exploits: 1 | References: 3

Github Security Blog
added 2022/05/17 3:38 a.m. | 31 views

Moodle XSS Vulnerability

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01543
Exploits: 1 | References: 4 | Affected Software: 1