Search Results (367189 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29518 1 Xwiki 1 Xwiki 2025-02-05 9.9 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-29519 1 Xwiki 1 Xwiki 2025-02-05 9.1 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-29520 1 Xwiki 1 Xwiki 2025-02-05 4.3 Medium
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load.
CVE-2017-1567 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769.
CVE-2017-1563 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.
CVE-2017-1540 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.
CVE-2017-1532 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.
CVE-2017-1516 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.
CVE-2017-1545 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
CVE-2017-1515 1 Ibm 1 Engineering Requirements Management Doors 2025-02-05 N/A
IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.
CVE-2018-1457 3 Ibm, Linux, Microsoft 3 Engineering Requirements Management Doors, Linux Kernel, Windows 2025-02-05 9.8 Critical
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
CVE-2024-13511 1 Variation Swatches For Woocommerce Project 1 Variation Swatches For Woocommerce 2025-02-05 4.3 Medium
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.
CVE-2023-21098 1 Google 1 Android 2025-02-05 7.8 High
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867
CVE-2022-48020 1 Vinteo 1 Video Core 2025-02-05 6.1 Medium
Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser.
CVE-2023-39308 1 Monsterinsights 1 Userfeedback 2025-02-05 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions.
CVE-2024-57556 1 Nbubna 1 Store 2025-02-05 6.1 Medium
Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component
CVE-2024-28097 1 Schoolbox 1 Schoolbox 2025-02-05 7.3 High
Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.
CVE-2024-28096 1 Schoolbox 1 Schoolbox 2025-02-05 7.3 High
Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.
CVE-2024-28095 1 Schoolbox 1 Schoolbox 2025-02-05 7.3 High
News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users.
CVE-2024-28094 1 Schoolbox 1 Schoolbox 2025-02-05 8.8 High
Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records.