Page 42 of 214 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-1000051

https://notcve.org/view.php?id=CVE-2017-1000051

Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content Una vulnerabilidad de tipo Cross-site scripting (XSS) en la exportación pad en XWiki labs CryptPad anterior a la versión 1.1.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del contenido del pad. • https://blog.cryptpad.fr/2017/03/06/Security-growing-pains https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

CVE-2012-1019

https://notcve.org/view.php?id=CVE-2012-1019

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en XWiki Enterprise v3.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) XWiki.XWikiComments_comment en xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company cuando se edita un perfil de usuario, o (3) projectVersion en xwiki/bin/view/DownloadCode/DownloadFeedback. NOTA: algunos de estos detalles han sido obtenidos de terceras fuentes de información. • http://packetstormsecurity.org/files/109447/XWiki-Enterprise-3.4-Cross-Site-Scripting.html http://secunia.com/advisories/47885 http://st2tea.blogspot.com/2012/02/xwiki-cross-site-scripting.html http://www.securityfocus.com/bid/51867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2010-4641

https://notcve.org/view.php?id=CVE-2010-4641

SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en XWiki Enterprise en versiones anteriores a la 2.5. Permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar. • http://secunia.com/advisories/42058 http://www.osvdb.org/68976 http://www.securityfocus.com/bid/44601 http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWikiEnterprise25 https://exchange.xforce.ibmcloud.com/vulnerabilities/62943 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-4640

https://notcve.org/view.php?id=CVE-2010-4640

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en XWiki Watch 1.0. Permiten a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro rev de (1) bin/viewrev/Main/WebHome y (2) bin/view/Blog, y los parámetros (3) register_first_name y (4) register_last_name de bin/register/XWiki/Register. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido de información de terceras partes. • http://secunia.com/advisories/42090 http://www.osvdb.org/68973 http://www.osvdb.org/68974 http://www.osvdb.org/68975 http://www.securityfocus.com/bid/44606 https://exchange.xforce.ibmcloud.com/vulnerabilities/62940 https://exchange.xforce.ibmcloud.com/vulnerabilities/62941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2010-4642

https://notcve.org/view.php?id=CVE-2010-4642

Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en XWiki Enterprise en versiones anteriores a la 2.5. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://secunia.com/advisories/42058 http://www.osvdb.org/68977 http://www.securityfocus.com/bid/44601 http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWikiEnterprise25 https://exchange.xforce.ibmcloud.com/vulnerabilities/62942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •