27433 matches found

Github Security Blog
added 2022/05/14 1:57 a.m. | 22 views

Cross-site Scripting in Apache Struts

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

CVSS 6.1 | AI score 4.8 | EPSS 0.12018
Exploits 0 | References 11 | Affected Software 1
OSV
added 2022/05/14 1:53 a.m. | 16 views

GHSA-9M82-F3WX-P625 LibreNMS XSS Vulnerability

Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboardname parameter in the /ajaxform.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and...

CVSS 6.1 | AI score 5.9 | EPSS 0.01597
Exploits 1 | References 5
Github Security Blog
added 2022/05/14 1:52 a.m. | 30 views

Jenkins vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1 | AI score 3 | EPSS 0.0186
Exploits 0 | References 9 | Affected Software 1
Github Security Blog
added 2022/05/14 1:48 a.m. | 34 views

Jenkins Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 7.6 | EPSS 0.02132
Exploits 0 | References 8 | Affected Software 1
OSV
added 2022/05/14 1:44 a.m. | 39 views

GHSA-WRRJ-R2J4-969W Umbraco CMS vulnerable to stored XSS

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content...

CVSS 4.8 | AI score 4.7 | EPSS 0.00651
Exploits 0 | References 2
Github Security Blog
added 2022/05/14 1:44 a.m. | 19 views

Umbraco CMS vulnerable to stored XSS

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content...

CVSS 4.8 | AI score 5.6 | EPSS 0.00651
Exploits 0 | References 2 | Affected Software 1
OSV
added 2022/05/14 1:42 a.m. | 13 views

GHSA-3V8X-286H-9PXP Dolibarr stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

CVSS 5.4 | AI score 5.1 | EPSS 0.01114
Exploits 0 | References 4
Github Security Blog
added 2022/05/14 1:42 a.m. | 21 views

Dolibarr stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

CVSS 5.4 | AI score 5.2 | EPSS 0.01114
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/14 1:42 a.m. | 16 views

GHSA-4XFW-599Q-FMP6 Dolibarr stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...

CVSS 5.4 | AI score 5.1 | EPSS 0.01075
Exploits 0 | References 3
Github Security Blog
added 2022/05/14 1:42 a.m. | 15 views

Dolibarr reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php...

CVSS 6.1 | AI score 5.8 | EPSS 0.01417
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/14 1:42 a.m. | 13 views

GHSA-2GC5-3H3P-8VPF Dolibarr reflected cross-site scripting (XSS) vulnerability

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php...

CVSS 6.1 | AI score 6 | EPSS 0.01417
Exploits 0 | References 3
Github Security Blog
added 2022/05/14 1:21 a.m. | 19 views

PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.01244
Exploits 1 | References 5 | Affected Software 1
Github Security Blog
added 2022/05/14 1:14 a.m. | 32 views

Improper Neutralization of Input During Web Page Generation in Spring Framework

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

CVSS 4.3 | AI score 5.9 | EPSS 0.03348
Exploits 0 | References 9 | Affected Software 1
Github Security Blog
added 2022/05/14 1:14 a.m. | 26 views

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 8.2 | EPSS 0.07084
Exploits 0 | References 12 | Affected Software 1
Github Security Blog
added 2022/05/14 1:9 a.m. | 146 views

jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

CVSS 4.3 | AI score 4 | EPSS 0.19191
Exploits 1 | References 12 | Affected Software 3
OSV
added 2022/05/14 1:9 a.m. | 47 views

GHSA-8JFM-RGMG-3WQ2 Apache Archiva vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in Apache Archiva prior to version 2.2.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnectorcommit.action...

CVSS 4.8 | AI score 4.9 | EPSS 0.04797
Exploits 3 | References 8
OSV
added 2022/05/14 12:56 a.m. | 28 views

GHSA-G78H-PF65-46RV Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)

The Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, and as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, is vulnerable to cross-site scripting because it allows remote attackers to inject arbitrary web script through a...

CVSS 6.1 | AI score 6.3 | EPSS 0.0178
Exploits 0 | References 7
OSV
added 2022/05/13 1:33 a.m. | 28 views

GHSA-4CJ8-779H-R25H Cross-site Scripting in Pivotal Spring Batch Admin

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because...

CVSS 6.1 | AI score 6 | EPSS 0.00754
Exploits 0 | References 3
Github Security Blog
added 2022/05/13 1:31 a.m. | 28 views

Improper Neutralization of Input During Web Page Generation in IPython

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...

CVSS 6.1 | AI score 6 | EPSS 0.01762
Exploits 0 | References 9 | Affected Software 1
OSV
added 2022/05/13 1:31 a.m. | 27 views

GHSA-66GW-5XPF-GFP5 Improper Neutralization of Input During Web Page Generation in IPython

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...

CVSS 6.1 | AI score 5.9 | EPSS 0.01762
Exploits 0 | References 10