JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2022-55670)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...

Improper Neutralization of Input During Web Page Generation Apache ActiveMQ

In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...

Moodle vulnerable to SQL injection

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to 1 the addtolog function in mod/wiki/view.php in the wiki module, or 2 "data validation in some forms elements" related to...

Alt-N Mdaemon Cross-Site Scripting Vulnerability

Alt-N MDaemon is a mail service system from Alt-N USA that provides complete mail server functionality, protects users from spam, enables web login to send and receive mail, supports remote management, and when used in conjunction with the MDaemon AntiVirus plugin, it also protects the system...

Alt-N Mdaemon Cross-Site Scripting Vulnerability (CNVD-2022-77865)

Alt-N MDaemon is a mail service system from Alt-N USA that provides complete mail server functionality, protects users from spam, enables web login to send and receive mail, supports remote management, and when used in conjunction with the MDaemon AntiVirus plugin, it also protects the system...

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2022-38550)

IBM Jazz Team Server is an application server from IBM Corporation in the United States. provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. IBM Jazz Team...

Home Owners Collection Management Cross-Site Scripting Vulnerability (CNVD-2022-77871)

Fairway Independent Mortgage Home Owners Collection Management is a home purchase loan system from Fairway Independent Mortgage. home owners collection management v1 version contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and...

Home Owners Collection Management Cross-Site Scripting Vulnerability

Fairway Independent Mortgage Home Owners Collection Management is a home purchase loan system from Fairway Independent Mortgage. home owners collection management v1 version contains a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data a...

Survey Sparrow Enterprise Survey Software Cross-Site Scripting Vulnerability

Survey Sparrow Enterprise Survey Software is an enterprise survey software from Survey Sparrow, Inc. A cross-site scripting vulnerability exists in Survey Sparrow Enterprise Survey Software version 2022, which stems from a lack of data validation filtering in the Signup parameter is missing a dat...

Survey Sparrow Enterprise Survey Software Cross-Site Scripting Vulnerability (CNVD-2022-77875)

A cross-site scripting vulnerability exists in Survey Sparrow Enterprise Survey Software version 2022, which originates in the test parameter The vulnerability is caused by a lack of data validation filtering of user-supplied data and output. An attacker could use this vulnerability to execute...

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2022-38551)

IBM QRadar SIEM is a solution from IBM USA that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generating detailed reports on data access and user activity, etc. A cross-site...

USN-5415-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service system crash. CVE-2020-27820 Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor...

SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability

SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...

Survey Sparrow Enterprise Survey Software 跨站脚本漏洞

Survey Sparrow Enterprise Survey Software is an enterprise survey software from Survey Sparrow, Inc. A cross-site scripting vulnerability exists in Survey Sparrow Enterprise Survey Software version 2022, which stems from a lack of data validation filtering in the Signup parameter is missing a dat...

ShopWind 跨站脚本漏洞

ShopWind is a China ShopWind company based on the Yii2.0 framework deep refactoring of B2B2C, O2O industry e-commerce system software. You can easily create and publish your own brand of professional e-commerce platform for all-round branding and product promotion. shopWind v3.4.2 version and...

openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0125-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0125-1 advisory. - Use after free in Vulkan. CVE-2022-1477 - Use after free in SwiftShader. CVE-2022-1478 - Use after free in ANGLE. CVE-2022-1479 - Use aft...

SAP NetWeaver Application Server 跨站脚本漏洞

SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

arPHP cross-site scripting vulnerability

arPHP is a tool that enables Arabic web developers to provide search, presentation and processing of Arabic content in PHP. arPHP version 3.6.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in Query.php. ...

FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2022-38554)

FUEL CMS is a content management system CMS based on the Codelgniter framework.A cross-site scripting vulnerability exists in FUEL CMS version 1.5.1. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit the...