Lucene search
K

279 matches found

NCSC
NCSC
added 2024/05/15 12:0 a.m.5 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Remote code execution Administrator/Root rights Remote...

8.8CVSS9.1AI score0.11471EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.26 views

RHEL 6 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1802)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1802 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and ric...

5.8CVSS5.6AI score0.03201EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/04/21 12:0 a.m.34 views

RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0259)

The remote Redhat Enterprise Linux 5 / 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0259 advisory. - jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services CVE-2012-3451 - jbossws-cxf, apache-cxf: Bypass of...

5.8CVSS8.3AI score0.08882EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.3 views

Trimble TM4Web 权限许可和访问控制问题漏洞

Trimble TM4Web is a virtual simulation platform from Trimble designed to help users create and deploy Web-based virtual reality VR and augmented reality AR applications. A privilege permission and access control issue vulnerability exists in Trimble TM4Web version 22.2.0 that stems from improper...

9.8CVSS9.1AI score0.01018EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.6 views

The vulnerability of the virtuoso-opensource web application development platform, related to writing beyond the buffer limit, allows a hacker to trigger a service failure.

The vulnerability of the virtuoso-opensource web application development platform is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger service failures using specially created SQL operators...

7.8CVSS7.5AI score0.00894EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2024/02/26 4:27 p.m.8 views

CVE-2024-26466

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.1CVSS5.8AI score0.00429EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.19 views

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00429EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/26 12:0 a.m.15 views

CVE-2024-26466

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6AI score0.00429EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.5 views

The web-platform-tests Project Security Vulnerabilities

The web-platform-tests Project is web-platform-tests open source a cross-browser test suite for the Web platform stack . The web-platform-tests Project commit 938e843 previous version of a security vulnerability , the vulnerability stems from the existence of DOM-based cross-site scripting XSS...

6.1CVSS6AI score0.00429EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/26 12:0 a.m.11 views

CVE-2024-26466

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6AI score0.00429EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.4 views

PT-2024-21386 · Unknown · Web-Platform-Tests

Name of the Vulnerable Software and Affected Versions: web-platform-tests/wpt versions before commit 938e843 Description: A DOM based cross-site scripting XSS issue in the component /dom/ranges/Range-test-iframe.html allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.1CVSS6AI score0.00429EPSS
Exploits0References5
CVE
CVE
added 2024/02/26 12:0 a.m.5624 views

CVE-2024-26466

The CVE-2024-26466 entry describes a DOM-based XSS in web-platform-tests/wpt within the Range-test-iframe.html component, exposed before commit 938e843. The vulnerability allows an attacker to execute arbitrary Javascript by sending a crafted URL, with the impact aligned to a DOM-XSS type and use...

6.1CVSS6AI score0.00429EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/19 7:56 p.m.58 views

CVE-2024-25640

CVE-2024-25640 affects iris-web prior to version 2.4.0, where a stored XSS flaw exists at multiple locations. The underlying issue allows an authenticated attacker to inject scripts that execute when a user visits affected pages. Impact is consistent with XSS exposure leading to potential data ac...

5.4CVSS4.3AI score0.00337EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/19 7:56 p.m.6 views

CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

4.6CVSS4.3AI score0.00337EPSS
Exploits0References3
NVD
NVD
added 2023/12/22 8:15 p.m.28 views

CVE-2023-50712

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...

5.4CVSS0.00298EPSS
Exploits0References2
Prion
Prion
added 2023/12/22 8:15 p.m.29 views

Cross site scripting

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...

4.9CVSS5.5AI score0.00298EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.10 views

PT-2023-30802 · Unknown · Smartstar Software Cws

Name of the Vulnerable Software and Affected Versions: SmartStar Software CWS affected versions not specified Description: The issue is related to missing authorization in the SmartStar Software CWS web-based integration platform. This allows users to access data or perform actions that they shou...

8.8CVSS8.4AI score0.00687EPSS
Exploits0References5
CVE
CVE
added 2023/12/01 9:48 p.m.60 views

CVE-2023-44381

CVE-2023-44381 affects October CMS. Affected component: template rendering in the CMS where an authenticated backend user with editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can craft a request to inject PHP code into a CMS template due to cms.safe_mode being enabled. Th...

4.9CVSS5.1AI score0.00511EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/01 9:48 p.m.68 views

CVE-2023-44382

The CVE-2023-44382 entry concerns October CMS: an authenticated backend user granted editor.cms_pages, editor.cms_layouts, or editor.cms_partials can bypass cms.safe_mode by escaping the Twig sandbox, enabling execution of arbitrary PHP. Concrete details from multiple sources confirm the vulnerab...

9.1CVSS9.5AI score0.00873EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/11/29 8:15 p.m.38 views

CVE-2023-44383

October is a Content Management System CMS and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This...

5.4CVSS0.0041EPSS
Exploits0References2
Rows per page
Query Builder