Code injection

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

U.S. Dept Of Defense: Reflected Xss in [██████]

Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

Adobe Acrobat and Reader Input Validation Improperity Vulnerability

Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an improper input validation vulnerability. An attacker can exploit this vulnerability to achieve arbitrary JavaScript...

GHSA-V9WP-8R97-V6XG Cross-Site Scripting in jquery.json-viewer

Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting XSS. The package insufficiently sanitizes user input when creating links, and concatenates the user input in an tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...

GHSA-3QH4-R86R-GRVM Arbitrary JavaScript Execution in typed-function

Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. Recommendation Upgrade to version 0.10.6 or later...

CVE-2020-9648

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

CVE-2020-9651

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting reflected vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

CVE-2020-9644

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting stored vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

Cross site scripting

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting dom-based vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

CVE-2020-9651

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting reflected vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

CVE-2020-9648

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

Adobe Experience Manager 6.0 < 6.5 Multiple Vulnerabilities (APSB20-31)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-31 advisory. - Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery ssrf vulnerability...

Cross-Site Scripting

Overview All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers bei...

Design/Logic Flaw

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

Cross-Site Scripting

Overview Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting XSS. The package insufficiently sanitizes user input when creating links, and concatenates the user input in an tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...