Hexo cross-site scripting vulnerability

Hexo is a fast, simple and powerful blogging framework from the personal developer Tommy Chen in China. Hexo suffers from a cross-site scripting vulnerability that stems from Hexo's lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to...

Acronis Cyber Protect 15 Cross-Site Scripting Vulnerability

Acronis Cyber Protect is an application. providing unified protection for your network by integrating backup, disaster recovery, artificial intelligence-based malware protection, remote assistance and security into a single, reliable tool.Acronis Cyber Protect 15 suffers from a cross-site scripti...

The vulnerability of Cisco’s software algorithm, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.

The vulnerability of Cisco software algorithms is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Open Design Alliance (ODA) ODAViewer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance ODA ODAViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Open Design Alliance (ODA) Drawings Explorer DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance ODA Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...

多款 Yamaha 跨站脚本漏洞

Yamaha NVR500 and others are products of Yamaha Corporation, Japan.Yamaha NVR500 is an enterprise router.Yamaha RTX810 is a Gigabit VPN Virtual Private Network router.Yamaha FWX120 is a firewall product. A cross-site scripting vulnerability exists in multiple Yamaha products, which originates fro...

JetBrains YouTrack Cross-Site Scripting Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows and monitoring project progress. A cross-site scripting vulnerability exists in JetBrains YouTrack, which stems from...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

DEBIAN-CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

Input validation

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

CVE-2021-37999

CVE-2021-37999 stems from insufficient data validation in the Chromium-based New Tab Page component before version 95.0.4638.69, enabling a remote attacker to inject arbitrary scripts/HTML via a crafted HTML page. Connected advisories confirm the issue affects Google Chrome/Chromium, with remedia...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Elementor Website Builder, which stems from...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Advanced Access Manager, which stems from a...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress BetterLinks suffers from a cross-site scripting vulnerability that stems from a lack of...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Video Lessons Manager, which stems from a...

Commvault CommCell AppStudioUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandle...