Lucene search

16821 matches found

NVD
added 2025/08/27 10:15 p.m. · 6 views

CVE-2025-34521

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVSS 5.4 · EPSS 0.00197
Exploits: 0 · References: 1
CVE
added 2025/08/27 9:19 p.m. · 17 views

CVE-2025-34521

CVE-2025-34521 – Arcserve UDP XSS: A reflected cross-site scripting vulnerability exists in the Arcserve Unified Data Protection web interface, where unsanitized input is reflected in HTTP responses. This can allow remote attackers with low privileges to craft malicious links that, when a user v...

CVSS 5.4 · AI score 6 · EPSS 0.00197
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/08/27 9:19 p.m. · 7 views

CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS)

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVSS 4.8 · EPSS 0.00197
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/27 9:19 p.m. · 4 views

CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS)

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

CVSS 4.8 · AI score 5.5 · EPSS 0.00197
Exploits: 0 · References: 1
NVD
added 2025/08/27 5:15 p.m. · 3 views

CVE-2025-20296

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 5.4 · EPSS 0.00207
Exploits: 0 · References: 1
Cvelist
added 2025/08/27 4:23 p.m. · 7 views

CVE-2025-20294 Cisco UCS Manager Software Command Injection Vulnerability

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. These vulnerabilities are du...

CVSS 6.5 · EPSS 0.01242
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/27 4:23 p.m. · 2 views

CVE-2025-20294 Cisco UCS Manager Software Command Injection Vulnerability

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. These vulnerabilities are du...

CVSS 6.5 · AI score 7.9 · EPSS 0.01242
Exploits: 0 · References: 1
CVE
added 2025/08/27 4:23 p.m. · 23 views

CVE-2025-20294

CVE-2025-20294 affects Cisco UCS Manager Software, specifically the CLI and web-based management interface. The root cause is insufficient input validation of command arguments, which could allow an authenticated, remote attacker with administrative privileges to perform command injection and esc...

CVSS 6.5 · AI score 8 · EPSS 0.01242
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/27 4:23 p.m. · 2 views

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 5.4 · AI score 5.6 · EPSS 0.00205
Exploits: 0 · References: 1
Cvelist
added 2025/08/27 4:23 p.m. · 8 views

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 5.4 · EPSS 0.00205
Exploits: 0 · References: 1
Cvelist
added 2025/08/27 4:23 p.m. · 9 views

CVE-2025-20296 Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 5.4 · EPSS 0.00207
Exploits: 0 · References: 1
CVE
added 2025/08/27 4:23 p.m. · 16 views

CVE-2025-20296

CVE-2025-20296 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco UCS Manager Software. The issue arises from insufficient validation of user-supplied input on the management interface, allowing an authenticated, remote attacker (in the Admi...

CVSS 5.4 · AI score 5.2 · EPSS 0.00207
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/27 4:23 p.m. · 2 views

CVE-2025-20296 Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00207
Exploits: 0 · References: 1
Cisco
added 2025/08/27 4:00 p.m. · 7 views

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 5.4 · AI score 6 · EPSS 0.00205
Exploits: 0 · References: 1
Cisco
added 2025/08/27 4:00 p.m. · 7 views

Cisco UCS Manager Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. For more information about these...

CVSS 6.5 · AI score 7.4 · EPSS 0.01242
Exploits: 0 · References: 1
Cisco
added 2025/08/27 4:00 p.m. · 7 views

Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 5.4 · AI score 5.9 · EPSS 0.00207
Exploits: 0 · References: 1
NVD
added 2025/08/27 3:15 p.m. · 3 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and...

CVSS 5.6 · EPSS 0.00224
Exploits: 1 · References: 1
Positive Technologies
added 2025/08/27 12:00 a.m. · 6 views

PT-2025-34947 · Arcserve · Arcserve Unified Data Protection

Name of the Vulnerable Software and Affected Versions: Arcserve Unified Data Protection (UDP) versions prior to 10.2; Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1; Arcserve Unified Data Protection (UDP) versions 7.x and earlier. Description: A reflected cross-site scripting (XSS)...

CVSS 4.8 · AI score 5.8 · EPSS 0.00197
Exploits: 0 · References: 5
Cvelist
added 2025/08/27 12:00 a.m. · 6 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and...

EPSS 0.00224
Exploits: 1 · References: 1
Positive Technologies
added 2025/08/27 12:00 a.m. · 2 views

PT-2025-34878 · Unknown · Diskover-Web

Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0. Description: The software is susceptible to multiple reflected cross-site scripting (XSS) flaws within its web interface. Unsanitized GET parameters, including maxage, maxindex, index, path, q (query), and doctype, are...

CVSS 5.6 · AI score 5.7 · EPSS 0.00224
Exploits: 1 · References: 4