Top 20 matches
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives
An issue in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs not enforcing limits on the number or size of requests
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.
A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in SQL injection.
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.