
27433 matches found

Github Security Blog
added 2022/05/13 1:12 a.m. | 22 views

Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1)...

CVSS 3.5 | AI score 5.3 | EPSS 0.01749
Exploits: 0 | References: 23 | Affected Software: 1

Github Security Blog
added 2022/05/13 1:12 a.m. | 24 views

Moodle cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse...

CVSS 3.5 | AI score 5.4 | EPSS 0.01455
Exploits: 0 | References: 11 | Affected Software: 1

OSV
added 2022/05/13 1:12 a.m. | 18 views

GHSA-F66H-6MJ2-RWJ2 Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog...

CVSS 4.3 | AI score 5.3 | EPSS 0.01832
Exploits: 0 | References: 10

Github Security Blog
added 2022/05/13 1:12 a.m. | 31 views

Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge...

CVSS 4.3 | AI score 5.8 | EPSS 0.01187
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2022/05/13 1:12 a.m. | 16 views

GHSA-HWJV-MC78-CCCJ Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge...

CVSS 4.3 | AI score 5.4 | EPSS 0.01187
Exploits: 0 | References: 10

OSV
added 2022/05/13 1:12 a.m. | 19 views

GHSA-GJ2J-PPJQ-9PJG Moodle Cross-site scripting (XSS) vulnerability in course management search

Cross-site scripting (XSS) vulnerability in the searchpagination function in course/classes/managementrenderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string...

CVSS 6.1 | AI score 5.8 | EPSS 0.01568
Exploits: 0 | References: 8

Github Security Blog
added 2022/05/13 1:12 a.m. | 30 views

Moodle Reflected XSS in mod_data advanced search

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as...

CVSS 6.1 | AI score 6 | EPSS 0.01465
Exploits: 0 | References: 11 | Affected Software: 1

OSV
added 2022/05/13 1:12 a.m. | 13 views

GHSA-6MXM-WPQV-675H Moodle XSS from profile fields from external db

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field...

CVSS 6.1 | AI score 6.8 | EPSS 0.01465
Exploits: 0 | References: 15

Github Security Blog
added 2022/05/13 1:11 a.m. | 33 views

Horizon-Orchestration Cross-site scripting (XSS) vulnerability through resource name

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject...

CVSS 4.3 | AI score 5.8 | EPSS 0.01689
Exploits: 0 | References: 12 | Affected Software: 1

Github Security Blog
added 2022/05/13 1:11 a.m. | 32 views

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name...

CVSS 3.5 | AI score 6 | EPSS 0.02053
Exploits: 1 | References: 19 | Affected Software: 1

OSV
added 2022/05/13 1:10 a.m. | 26 views

GHSA-RXVX-44W5-44R7 Improper Neutralization of Input During Web Page Generation in Apache Sling

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2)...

CVSS 4.3 | AI score 5.6 | EPSS 0.06297
Exploits: 1 | References: 8

Github Security Blog
added 2022/05/13 1:10 a.m. | 20 views

Improper Neutralization of Input During Web Page Generation in Apache Sling

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2)...

CVSS 4.3 | AI score 5.6 | EPSS 0.06297
Exploits: 1 | References: 9 | Affected Software: 2

Github Security Blog
added 2022/05/13 1:7 a.m. | 18 views

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVSS 5.4 | AI score 5.6 | EPSS 0.02068
Exploits: 0 | References: 19 | Affected Software: 1

Github Security Blog
added 2022/05/13 1:7 a.m. | 24 views

Openstack Manila Persistent XSS in Metadata field

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

CVSS 5.4 | AI score 5.6 | EPSS 0.01266
Exploits: 0 | References: 12 | Affected Software: 1

GitLab Advisory Database
added 2022/05/13 12:0 a.m. | 36 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

CVSS 4.3 | AI score 6 | EPSS 0.01813
Exploits: 0 | References: 8 | Affected Software: 1

0day.today
added 2022/05/12 12:0 a.m. | 233 views

Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS); Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services; Vendor Homepage: https://www.cyclos.org/; Version: Cyclos 4.14.7 and prior; Tested on: Ubuntu; CVE: CVE-2021-31673; Description: A Dom-based Cross-sit...

CVSS 6.1 | AI score 6.4 | EPSS 0.03424
Exploits: 4

Packet Storm
added 2022/05/11 12:0 a.m. | 284 views

Cyclos 4.14.7 Cross Site Scripting

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS); Date: 17/04/2021; Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services; Vendor Homepage: https://www.cyclos.org/; Version: Cyclos 4.14.7 and prior; Tested on: Ubuntu; CVE: CVE-2021-31673; Description: A...

CVSS 6.1 | EPSS 0.03837
Exploits: 7

Exploit DB
added 2022/05/11 12:0 a.m. | 290 views

Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS); Date: 17/04/2021; Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services; Vendor Homepage: https://www.cyclos.org/; Version: Cyclos 4.14.7 and prior; Tested on: Ubuntu; CVE: CVE-2021-31673; Description: A...

CVSS 6.1 | AI score 6.6 | EPSS 0.03424
Exploits: 4

CNVD
added 2022/05/08 12:0 a.m. | 20 views

E-Commerce Website Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in E-Commerce Website version 1.0, which originates from a cross-site scripting (XSS) vulnerability in /public/admin/index.php?addproduct that allows an attacker to inject a specially crafted payload into the product title text field by injecting speciall...

CVSS 3.5 | AI score 3.3 | EPSS 0.00538
Exploits: 1 | Affected Software: 1

Github Security Blog
added 2022/05/05 2:48 a.m. | 29 views

Jenkins subject to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 3.7 | EPSS 0.01437
Exploits: 0 | References: 7 | Affected Software: 1