5838 matches found
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-22697)
A cross-site scripting vulnerability in Zabbix Frontend, a monitoring software front-end tool from Zabbix USA, stems from a lack of data validation filtering of user-supplied data and output in the graphical configuration window, which could be exploited by an authenticated attacker to create a...
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-22696)
A cross-site scripting vulnerability in Zabbix Frontend, a monitoring software front-end tool from Zabbix USA, stems from a lack of data validation filtering of user-supplied data and output in the project configuration window, which could be exploited by an authenticated attacker to create a lin...
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-22695)
A cross-site scripting vulnerability in Zabbix Frontend, a monitoring software front-end tool from Zabbix USA, stems from a lack of data validation filtering of user-supplied data and output in the service configuration window, which could be exploited by an authenticated attacker to create a lin...
CVE-2020-14115
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection of incoming data. Attackers can exploit this vulnerability to execute code...
Orchard Core Cross-Site Scripting Vulnerability
Net Core, an open source modular and multi-tenant application framework built using Asp.Net Core, and a content management system (CMS) built on top of the framework. A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...
WordPress plugin Custom Content Shortcode access control error vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress plugin Custom Content Shortcode versions prior to 4.0.2 are vulnerable to an access control error, which stems from the plugin's...
Shopware Cross-Site Scripting Vulnerability
Shopware is a set of open source e-commerce software from the German company Shopware. Shopware suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied and output data. An attacker could exploit this vulnerability to inject...
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Autodesk AutoCAD PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PI...
Zyxel ZyWALL 2 Plus Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Zyxel ZyWALL 2 Plus, a firewall appliance for corporate environments from Zyxel China, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to be able to execute arbitrary...
reveal.js Cross-Site Scripting Vulnerability (CNVD-2022-31829)
reveal.js is a framework for presentation building. reveal.js versions prior to 4.3.0 have a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output, which can be exploited by attackers to execute JavaScript code on the client side...
Grav Cross-Site Scripting Vulnerability (CNVD-2022-71110)
Grav is a scalable CMS content management system for personal blogs, small content publishing platforms, and single-page product displays. Cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.31, which stem from the application's lack of data validation filtering of...
Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67479)
Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability caused by a lack of data validation filtering of user-supplied and output data in the "m" parameter of the user dashboard. An attacker could exploit this vulnerability to...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2022-71111)
CMS Made Simple is a content management system (CMS). The system supports a role-based permission management system, a wizard-based installation and update mechanism, an intelligent caching mechanism, etc. A cross-site scripting vulnerability exists in CMS Made Simple v2.2.15, which stems from the...
Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Hospital Management System Cross-Site Scripting Vulnerability (CNVD-2022-67482)
Hospital Management System is a hospital management system. The system includes patient information management, ward management, surgery schedule management and financial management, etc. A cross-site scripting vulnerability exists in Hospital Management System v1.0, which stems from the lack of...
Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...