27433 matches found

OSV
added 2022/05/17 1:46 a.m. | 18 views

GHSA-QFR3-29W6-HWPG Typo3 Exception Handler XSS

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages...

CVSS 4.3 | AI score 5.3 | EPSS 0.01387
Exploits: 0 | References: 9

OSV
added 2022/05/17 1:43 a.m. | 22 views

GHSA-7W6C-5PR4-7QVP Typo3 Backend XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.1 | EPSS 0.02026
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/17 1:43 a.m. | 27 views

Typo3 Install Tool XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01492
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:38 a.m. | 46 views

Cross-site scripting in yui 2.4.0

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207...

CVSS 4.3 | AI score 5.7 | EPSS 0.02454
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:38 a.m. | 7 views

Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6.1 | EPSS 0.01792
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/05/17 1:37 a.m. | 4 views

GHSA-GW2Q-CGVQ-9G3V Roundup Cross-site scripting (XSS) vulnerability

Cross-site Scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...

CVSS 5.3 | AI score 5.9 | EPSS 0.01983
Exploits: 0 | References: 11

Github Security Blog
added 2022/05/17 1:37 a.m. | 24 views

Roundup Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter...

CVSS 4.3 | AI score 6 | EPSS 0.01822
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:37 a.m. | 18 views

Roundup Cross-site scripting (XSS) vulnerability

Cross-site Scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...

CVSS 4.3 | AI score 5.7 | EPSS 0.01983
Exploits: 0 | References: 11 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:37 a.m. | 14 views

Roundup Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link...

CVSS 4.3 | AI score 6 | EPSS 0.01983
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2022/05/17 1:37 a.m. | 18 views

GHSA-W563-RQ37-CVQ5 Typo3 Backend History Module Vulnerable to XSS

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5 | EPSS 0.01177
Exploits: 0 | References: 4

Github Security Blog
added 2022/05/17 1:37 a.m. | 24 views

Typo3 Backend API XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.6 | EPSS 0.01823
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:37 a.m. | 19 views

Typo3 Backend History Module Vulnerable to XSS

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.6 | EPSS 0.01177
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/17 1:37 a.m. | 17 views

GHSA-QMMW-CH2Q-J6XX Typo3 Backend API XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5 | EPSS 0.01823
Exploits: 0 | References: 5

OSV
added 2022/05/17 1:36 a.m. | 35 views

GHSA-MFHR-3XMC-R2GG Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."...

CVSS 4.3 | AI score 6.3 | EPSS 0.06366
Exploits: 1 | References: 8

OSV
added 2022/05/17 1:33 a.m. | 17 views

GHSA-4894-5VQC-6R2R Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

CVSS 6.1 | AI score 5.2 | EPSS 0.0288
Exploits: 2 | References: 10

Github Security Blog
added 2022/05/17 1:33 a.m. | 44 views

Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

CVSS 4.3 | AI score 5.2 | EPSS 0.0288
Exploits: 2 | References: 10 | Affected Software: 1

OSV
added 2022/05/17 1:33 a.m. | 29 views

GHSA-RVRJ-J7CC-236P DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI...

CVSS 4.3 | AI score 5.4 | EPSS 0.02456
Exploits: 2 | References: 6

Github Security Blog
added 2022/05/17 1:33 a.m. | 25 views

DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI...

CVSS 4.3 | AI score 6 | EPSS 0.02456
Exploits: 2 | References: 6 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:32 a.m. | 10 views

Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function...

CVSS 4.3 | AI score 6.1 | EPSS 0.01294
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/05/17 1:29 a.m. | 19 views

GHSA-R8M7-792J-5JVQ TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

CVSS 3 | AI score 5.1 | EPSS 0.01094
Exploits: 0 | References: 9