Page 2 of 9 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN18765463 https://www.ss-proj.org https://www.ss-proj.org/support/938.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en versiones de SHIRASAGI anteriores a la v1.16.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN86350682/index.html https://www.ss-proj.org https://www.ss-proj.org/support/928.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. Vulnerabilidad de redireccionamiento abierto en SHIRASAGI v1.14.4 a v1.15.0 permite que un atacante remoto no autenticado redirija a los usuarios a un sitio web arbitrario y realice un ataque de phishing. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN86350682/index.html https://www.ss-proj.org https://www.ss-proj.org/support/928.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en SHIRASAGI versiones v1.0.0 a v1.14.2, y v1.15.0, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN32962443/index.html https://www.ss-proj.org https://www.ss-proj.org/support/843.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •