Lucene search

5836 matches found

Zero Day Initiative
added 2022/07/14 12:0 a.m., 25 views

Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8, AI score 5.6, EPSS 0.00463
Exploits 0, References 1

CNNVD
added 2022/07/13 12:0 a.m., 4 views

IBM i Cross-Site Scripting Vulnerability

IBM i is a set of operating systems from IBM running in IBM Power Systems and IBM PureSystems. IBM i versions 7.2, 7.3, 7.4, and 7.5 have a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploi...

CVSS 5.4, AI score 5.6, EPSS 0.00421
Exploits 0, References 4

NVD
added 2022/07/12 10:15 a.m., 22 views

CVE-2022-34819

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...

CVSS 10, EPSS 0.01523
Exploits 0, References 1

CNVD
added 2022/07/12 12:0 a.m., 42 views

IBM CICS TX Advanced Cross-Site Scripting Vulnerability

IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in all versions of IBM CICS TX Advanced, which stems from the program's lack of data...

CVSS 5.4, AI score 5.2, EPSS 0.00541
Exploits 0, References 1

Zero Day Initiative
added 2022/07/12 12:0 a.m., 27 views

Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8, AI score 4.8, EPSS 0.00798
Exploits 0, References 1

Zero Day Initiative
added 2022/07/12 12:0 a.m., 27 views

Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8, AI score 4.6, EPSS 0.00819
Exploits 0, References 1

CNVD
added 2022/07/08 12:0 a.m., 21 views

Magnolia CMS Cross-Site Scripting Vulnerability

Magnolia CMS is an application from the Swiss company Magnolia that provides a framework for building websites. Version 6.2.19 of Magnolia CMS contains a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacke...

CVSS 6.1, AI score 3.8, EPSS 0.50539
Exploits 3, References 1

CNVD
added 2022/07/08 12:0 a.m., 24 views

ZEIT Next.js NextAuth.js Cross-Site Scripting Vulnerability

ZEIT Next.js is an open source web application framework from ZEIT, based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js provides authentication for Next.js. ZEIT Next.js NextAuth.js suffers from a cross-site scripting vulnerability. The vulnerability stems from the program's lack of data...

CVSS 7.1, AI score 6.2, EPSS 0.00901
Exploits 1, References 1

CNVD
added 2022/07/08 12:0 a.m., 26 views

PESCMS cross-site scripting vulnerability

A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php missing a data validation filter for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on t...

CVSS 6.1, AI score 3, EPSS 0.00711
Exploits 1, References 1

CNVD
added 2022/07/08 12:0 a.m., 51 views

Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-58412)

Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend that stems from a graphical page that lacks checksum filters for user-supplied data and output. An authenticated attacker can exploit this...

CVSS 5.4, AI score 5.3, EPSS 0.00593
Exploits 0, References 1

CNVD
added 2022/07/08 12:0 a.m., 32 views

JFrog Artifactory Cross-Site Scripting Vulnerability

JFrog Artifactory is an open source general-purpose artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production. JFrog Artifactory suffers fr...

CVSS 4.3, AI score 2, EPSS 0.00488
Exploits 0, Affected Software 2

Rapid7 Blog
added 2022/07/07 7:9 p.m., 69 views

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

In April 2022, telecommunications company Mitel published a security advisory on CVE-2022-29499, a data validation vulnerability in the Service Appliance component of MiVoice Connect, a business communications product. The vulnerability, which was unpatched at time of publication, arose from...

CVSS 10, AI score 1.6, EPSS 0.56693
Exploits 0

CNVD
added 2022/07/07 12:0 a.m., 37 views

VICIdial Cross-Site Scripting Vulnerability

Vicidial is a software suite from Vicidial, Inc., designed to interact with the Asterisk open source PBX phone system as a complete inbound/outbound contact center suite with inbound email support. A cross-site scripting vulnerability exists in VICIdial versions prior to 2.14b0.5, which stems from...

CVSS 6.5, AI score 6, EPSS 0.00446
Exploits 0, References 1

CNVD
added 2022/07/07 12:0 a.m., 22 views

Zoo Management System Cross-Site Scripting Vulnerability

PHPGURUKUL Zoo Management System is a zoo management system by Phpgurukul team. A cross-site scripting vulnerability exists in Zoo Management System v1.0, which stems from a lack of checksum filtering of user-supplied data and output in the Add Category feature. The vulnerability can be exploited...

CVSS 5.4, AI score 5.4, EPSS 0.00682
Exploits 2, References 1

CNNVD
added 2022/07/06 12:0 a.m., 2 views

JFrog Artifactory Cross-Site Scripting Vulnerability

JFrog Artifactory is an open source general-purpose artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production. JFrog Artifactory suffers fr...

CVSS 6.1, AI score 5.7, EPSS 0.00488
Exploits 0, References 3

BDU FSTEC
added 2022/07/06 12:0 a.m., 5 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to circumvent security restrictions.

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to insufficient validation of data authenticity or the use of unreliable sources for processing X-Forwarded-* headers. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

CVSS 6.5, AI score 7.1, EPSS 0.18886
Exploits 2, References 21, Affected Software 11

CNVD
added 2022/06/30 12:0 a.m., 23 views

ScratchTools Cross-Site Scripting Vulnerability

ScratchTools is an open source web extension from STForScratch, designed to make interaction with the Scratch programming language community easier. ScratchTools suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of...

CVSS 4.3, AI score 1.9, EPSS 0.00833
Exploits 0, Affected Software 1

CNVD
added 2022/06/30 12:0 a.m., 18 views

Admidio Cross-Site Scripting Vulnerability

Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A cross-site scripting vulnerability exists in Admidio version 4.1.2, which stems from the program's lack of checksum filtering of...

CVSS 5.4, AI score 5.2, EPSS 0.0049
Exploits 1, References 1

CNVD
added 2022/06/30 12:0 a.m., 17 views

WordPress Active Products Tables for WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Active Products Tables for WooCommerce plugin version prior to 1.0.5 has a cross-site scripting...

CVSS 6.1, AI score 2.2, EPSS 0.01829
Exploits 1, References 1

CNVD
added 2022/06/30 12:0 a.m., 23 views

Library Management System Cross-Site Scripting Vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation. Version 1.0 of Library Management System has a cross-site scripting vulnerability that originates in the file /admin/editadmindetails.php?id= The admin's parameter Name lacks a...

CVSS 5.4, AI score 2.9, EPSS 0.00533
Exploits 0, References 1