Page 8 of 8833 results (0.179 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. • https://bugzilla.redhat.com/show_bug.cgi?id=2239091 https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/13u11erFly/cve/blob/main/xss.md https://vuldb.com/?ctiid.284717 https://vuldb.com/?id.284717 https://vuldb.com/?submit.443398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. • https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md https://vuldb.com/?ctiid.284683 https://vuldb.com/?id.284683 https://vuldb.com/?submit.443194 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/curry136/cve/blob/main/xss8.md https://vuldb.com/?ctiid.284682 https://vuldb.com/?id.284682 https://vuldb.com/?submit.443189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/uix-slideshow/trunk/includes/shortcodes.php#L26 https://wordpress.org/plugins/uix-slideshow/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/f189f606-ec30-4f5d-81c9-d526ba7141f0?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •