27433 matches found

OSV
added 2022/05/17 3:34 a.m. | 25 views

GHSA-6565-FG86-6JCX Django Cross-site Scripting Vulnerability

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by an @property...

CVSS 6.1 | AI score 5.2 | EPSS 0.02052
Exploits: 1 | References: 10
Github Security Blog
added 2022/05/17 3:34 a.m. | 23 views

Django Cross-site Scripting Vulnerability

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by an @property...

CVSS 4.3 | AI score 5.9 | EPSS 0.02052
Exploits: 1 | References: 10 | Affected Software: 1
Github Security Blog
added 2022/05/17 3:29 a.m. | 23 views

Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search searchnom field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php...

CVSS 4.3 | AI score 6 | EPSS 0.01937
Exploits: 2 | References: 9 | Affected Software: 1
OSV
added 2022/05/17 3:20 a.m. | 20 views

GHSA-JQMR-WQGP-8MH2 phpMyAdmin cross-site scripting Vulnerability in Table or Column Names

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...

CVSS 3.5 | AI score 5.9 | EPSS 0.01605
Exploits: 0 | References: 6
OSV
added 2022/05/17 3:12 a.m. | 24 views

GHSA-P632-5W74-X8XX phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value

Cross-site scripting (XSS) vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVSS 3.5 | AI score 5.6 | EPSS 0.00967
Exploits: 0 | References: 2
OSV
added 2022/05/17 3:12 a.m. | 5 views

GHSA-5XMG-W578-GQ5J Joomla! Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in libraries/idnaconvert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVSS 5.3 | AI score 5.5 | EPSS 0.01482
Exploits: 1 | References: 5
Github Security Blog
added 2022/05/17 3:3 a.m. | 14 views

TYPO3 Backend component Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...

CVSS 6.1 | AI score 5.8 | EPSS 0.0108
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2022/05/17 3:2 a.m. | 4 views

GHSA-5FQ5-PFV8-MRFV MoinMoin Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.9 | EPSS 0.01452
Exploits: 0 | References: 8
Github Security Blog
added 2022/05/17 3:2 a.m. | 20 views

MoinMoin Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.6 | EPSS 0.01452
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2022/05/17 3:0 a.m. | 18 views

GHSA-84JM-CPC5-C7G7 Plone XSS in Zope ZMI

Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVSS 6.1 | AI score 6 | EPSS 0.01342
Exploits: 1 | References: 7
Github Security Blog
added 2022/05/17 3:0 a.m. | 17 views

Plone XSS in Zope ZMI

Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.01342
Exploits: 1 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/05/17 2:52 a.m. | 13 views

Cherry Music Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist...

CVSS 5.4 | AI score 5.4 | EPSS 0.00847
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/05/17 2:49 a.m. | 4 views

GHSA-48Q3-M4HF-56C9 TeamPass vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role...

CVSS 6.1 | AI score 5.7 | EPSS 0.01832
Exploits: 4 | References: 4
Github Security Blog
added 2022/05/17 2:49 a.m. | 14 views

TeamPass vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role...

CVSS 6.1 | AI score 5.7 | EPSS 0.01832
Exploits: 4 | References: 4 | Affected Software: 1
OSV
added 2022/05/17 2:48 a.m. | 22 views

GHSA-R346-RMRG-QPGH Improper Neutralization of Input During Web Page Generation in RESTEasy

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.9 | EPSS 0.01553
Exploits: 0 | References: 3
Github Security Blog
added 2022/05/17 2:48 a.m. | 26 views

Improper Neutralization of Input During Web Page Generation in RESTEasy

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 4.7 | EPSS 0.01553
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/17 2:46 a.m. | 21 views

GHSA-4XH9-5VH8-3P58 Yii Framework Reflected XSS

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVSS 6.1 | AI score 6 | EPSS 0.01042
Exploits: 0 | References: 6
OSV
added 2022/05/17 2:43 a.m. | 9 views

GHSA-JJ4J-CWGQ-FX7G ViMbAdmin Cross-site Scripting Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/; the (4) goto parameter to alias/add/did/; or the (5) captchatext...

CVSS 5.4 | AI score 5.7 | EPSS 0.01012
Exploits: 2 | References: 4
Github Security Blog
added 2022/05/17 2:43 a.m. | 21 views

ViMbAdmin Cross-site Scripting Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/; the (4) goto parameter to alias/add/did/; or the (5) captchatext...

CVSS 5.4 | AI score 5.8 | EPSS 0.01012
Exploits: 2 | References: 4 | Affected Software: 1
OSV
added 2022/05/17 2:37 a.m. | 12 views

GHSA-HHFW-XXHM-PF32 ADOdb Cross-site scripting vulnerability in old test script

Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 6 | EPSS 0.01946
Exploits: 0 | References: 8