
27433 matches found

Github Security Blog
added 2022/05/14 2:46 a.m. | 10 views

WSO2 Carbon vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webappinfo.jsp; the (4) dsName or (5) descriptio...

CVSS 6.1 | AI score 5.8 | EPSS 0.03998
Exploits 5 | References 6 | Affected Software 3
Github Security Blog
added 2022/05/14 2:45 a.m. | 22 views

Plone XSS

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 6.1 | AI score 5.8 | EPSS 0.01596
Exploits 2 | References 12 | Affected Software 1
Github Security Blog
added 2022/05/14 2:45 a.m. | 27 views

Plone vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.8 | EPSS 0.01575
Exploits 2 | References 8 | Affected Software 1
Github Security Blog
added 2022/05/14 2:44 a.m. | 45 views

Improper Neutralization of Input During Web Page Generation in Apache Axis2

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

CVSS 4.3 | AI score 3.3 | EPSS 0.34927
Exploits 1 | References 8 | Affected Software 1
Github Security Blog
added 2022/05/14 2:44 a.m. | 10 views

MantisBT Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in manageprojcatadd.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action...

CVSS 2.1 | AI score 5.6 | EPSS 0.01804
Exploits 0 | References 10 | Affected Software 1
OSV
added 2022/05/14 2:42 a.m. | 28 views

GHSA-C78G-QWPW-2JGV Improper Neutralization of Input During Web Page Generation in Apache Tomcat

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3)...

CVSS 4.3 | AI score 5.4 | EPSS 0.42009
Exploits 1 | References 13
OSV
added 2022/05/14 2:9 a.m. | 25 views

GHSA-6WFJ-2MW7-P5CG phpMyAdmin micro history Implementation XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to crea...

CVSS 4.3 | AI score 6.2 | EPSS 0.01862
Exploits 0 | References 6
OSV
added 2022/05/14 2:8 a.m. | 23 views

GHSA-MWM8-36C5-J5CF phpMyAdmin Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...

CVSS 6.1 | AI score 6.8 | EPSS 0.01754
Exploits 0 | References 13
Github Security Blog
added 2022/05/14 2:8 a.m. | 26 views

phpMyAdmin Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...

CVSS 6.1 | AI score 6 | EPSS 0.01754
Exploits 0 | References 13 | Affected Software 1
OSV
added 2022/05/14 2:8 a.m. | 5 views

GHSA-6Q2J-8H8Q-46MR phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error messa...

CVSS 6.1 | AI score 6.4 | EPSS 0.0132
Exploits 0 | References 13
Github Security Blog
added 2022/05/14 2:8 a.m. | 23 views

phpMyAdmin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 5.4 | AI score 5.7 | EPSS 0.01642
Exploits 0 | References 11 | Affected Software 1
OSV
added 2022/05/14 2:8 a.m. | 32 views

GHSA-PW34-QF6C-84FC phpMyAdmin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...

CVSS 5.4 | AI score 5.8 | EPSS 0.01642
Exploits 0 | References 10
Github Security Blog
added 2022/05/14 2:5 a.m. | 20 views

phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...

CVSS 3.5 | AI score 6.3 | EPSS 0.01519
Exploits 1 | References 7 | Affected Software 1
OSV
added 2022/05/14 2:5 a.m. | 19 views

GHSA-PVR5-84GR-G985 phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...

CVSS 3.5 | AI score 6.2 | EPSS 0.01519
Exploits 1 | References 6
Github Security Blog
added 2022/05/14 2:5 a.m. | 28 views

phpMyAdmin cross-site scripting vulnerability in crafted view name

A cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js...

CVSS 3.5 | AI score 5.3 | EPSS 0.01016
Exploits 1 | References 5 | Affected Software 1
OSV
added 2022/05/14 2:5 a.m. | 34 views

GHSA-Q586-XPWR-JC3J phpMyAdmin cross-site scripting vulnerability in crafted view name

A cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js...

CVSS 3.5 | AI score 5.6 | EPSS 0.01016
Exploits 1 | References 4
OSV
added 2022/05/14 2:4 a.m. | 21 views

GHSA-4VWQ-X64Q-J4CJ Improper Neutralization of Input During Web Page Generation in Jupyter Notebook

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 6.1 | AI score 5.5 | EPSS 0.02768
Exploits 1 | References 14
Github Security Blog
added 2022/05/14 2:4 a.m. | 26 views

Improper Neutralization of Input During Web Page Generation in Jupyter Notebook

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 5.5 | EPSS 0.02768
Exploits 1 | References 14 | Affected Software 2
Github Security Blog
added 2022/05/14 2:0 a.m. | 15 views

Subrion CMS Cross-site scripting in search

A cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to subrion/search/...

CVSS 4.3 | AI score 5.7 | EPSS 0.0099
Exploits 1 | References 4 | Affected Software 1
OSV
added 2022/05/14 1:57 a.m. | 43 views

GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

CVSS 6.1 | AI score 6 | EPSS 0.12018
Exploits 0 | References 11