862 matches found

CNNVD
added 2021/05/17 12:0 a.m. · 1 views

Moodle Input Validation Error Vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an input validation error vulnerability that stems from insufficient sanitization of user-supplied data in th...

6.1 CVSS · 7.2 AI score · 0.03402 EPSS
Exploits 0 · References 4
CNNVD
added 2021/05/12 12:0 a.m. · 3 views

Hedgedoc Cross-Site Scripting Vulnerability

Hedgedoc is a JavaScript-based real-time editing and sharing platform for Markdown documents by the Hedgedoc team. A cross-site scripting vulnerability exists in HedgeDoc. A remote attacker can trick a victim into following a specially crafted link and execute arbitrary HTML and script code in a...

8.1 CVSS · 6.4 AI score · 0.02049 EPSS
Exploits 0 · References 5
Atlassian
added 2021/05/07 12:16 a.m. · 28 views

XSS in fieldID - CVE 2021-26079

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Affected...

6.1 CVSS · 5.7 AI score · 0.00663 EPSS
Exploits 0
OSV
added 2021/04/27 6:15 p.m. · 1 views

CVE-2020-21987

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's...

6.1 CVSS · 6 AI score
Exploits 0 · References 2
Positive Technologies
added 2021/04/15 12:0 a.m. · 2 views

PT-2021-17500 · Unknown · Phpgurukul Beauty Parlour Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.0
Description: The issue allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the sername parameter in the "add-services.php" component. This enables attacker...

4.8 CVSS · 5.3 AI score · 0.00338 EPSS
Exploits 1 · References 4
CNVD
added 2021/04/06 12:0 a.m. · 7 views

Knowage HTML Injection Vulnerability

Knowage is a suite of open source tools for modern business analytics. An HTML injection vulnerability exists in Knowage versions prior to 7.4. The vulnerability can be exploited to inject arbitrary HTML into "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

4.8 CVSS · 6.9 AI score · 0.00321 EPSS
Exploits 1 · References 1
NVD
added 2021/02/09 8:15 p.m. · 5 views

CVE-2021-26549

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

5.4 CVSS · 0.01432 EPSS
Exploits 3 · References 4
Prion
added 2021/01/26 6:15 p.m. · 12 views

Cross site scripting

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...

4.3 CVSS · 5.9 AI score · 0.52763 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2021/01/20 3:14 a.m. · 13 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.9 AI score · 0.00221 EPSS
Exploits 0 · References 1
Prion
added 2021/01/13 4:15 p.m. · 13 views

Design/Logic Flaw

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...

7.5 CVSS · 9.4 AI score · 0.00443 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2020/12/11 12:0 a.m. · 4 views

OpenAsset Digital Asset Management software Cross-Site Scripting Vulnerability

Openasset is a digital asset management software for the website building industry from Openasset UK. A cross-site scripting vulnerability exists in the OpenAsset Digital Asset Management software that originates from allowing remote attackers to inject arbitrary JavaScript or HTML via...

6.1 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits 1 · References 4
OSV
added 2020/12/03 5:15 p.m. · 21 views

CVE-2020-27783

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

6.1 CVSS · 6 AI score
Exploits 0 · References 8
OSV
added 2020/12/03 5:15 p.m. · 0 views

DEBIAN-CVE-2020-27783

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

6.1 CVSS · 6.5 AI score · 0.01246 EPSS
Exploits 1 · References 1
AlpineLinux
added 2020/12/03 4:39 p.m. · 60 views

CVE-2020-27783

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

6.1 CVSS · 6.8 AI score · 0.01246 EPSS
Exploits 1
CNNVD
added 2020/11/25 12:0 a.m. · 2 views

WESEEK GROWI Cross-Site Scripting Vulnerability

Weseek WESEEK GROWI is a suite of team collaboration software from WESEEK Weseek Japan. GROWI suffers from a cross-site scripting vulnerability that arises from insufficient validation of user-supplied data. An attacker could trick a victim into following a specially crafted link and execute...

6.1 CVSS · 6.3 AI score · 0.00419 EPSS
Exploits 0 · References 5
OpenVAS
added 2020/11/13 12:0 a.m. · 19 views

Cacti < 1.2.14 XSS Vulnerability - Linux

Cacti is prone to a cross-site scripting (XSS) vulnerability.

6.1 CVSS · 7.4 AI score · 0.01458 EPSS
Exploits 1 · References 1
NVD
added 2020/11/12 8:15 p.m. · 9 views

CVE-2020-28415

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted URL (different vector than CVE-2020-28414)...

6.1 CVSS · 6 AI score · 0.01018 EPSS
Exploits 0 · References 2
NVD
added 2020/11/12 8:15 p.m. · 9 views

CVE-2020-28414

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted URL (different vector than CVE-2020-28415)...

6.1 CVSS · 6 AI score · 0.01018 EPSS
Exploits 0 · References 2
Prion
added 2020/11/12 8:15 p.m. · 15 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted URL (different vector than CVE-2020-28414)...

4.3 CVSS · 6.1 AI score · 0.01018 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/11/12 10:15 a.m. · 1 views

CVE-2020-7332

Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration...

8.8 CVSS · 6.1 AI score · 0.00203 EPSS
Exploits 0 · References 1