
3296 matches found

CNNVD
added 2022/10/25 12:0 a.m. · 3 views

Esri ArcGIS Server cross-site scripting vulnerability

Esri ArcGIS Server is a web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute (Esri). A cross-site scripting vulnerability exists in Esri ArcGIS Server version 10.9.1 and earlier, which stems from the presence of a...

6.1 CVSS · 6.4 AI score · 0.00375 EPSS
Exploits: 0 · References: 3

Snyk
added 2022/10/18 12:0 a.m. · 1 view

Cross-site Scripting (XSS)

Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient escaping on the Blog Name value. An attacker can manipulate the output and execute arbitrary JavaScript by...

5.5 CVSS · 5.4 AI score
Exploits: 0 · References: 2

CNVD
added 2022/10/13 12:0 a.m. · 46 views

Cross-site scripting vulnerability in Import Files function of multiple Siemens products

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...

2.4 AI score · 0.00486 EPSS
Exploits: 0

OSV
added 2022/10/12 1:15 p.m. · 3 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.1 CVSS · 6 AI score
Exploits: 0 · References: 3

Vulnrichment
added 2022/10/12 12:0 a.m. · 8 views

CVE-2022-41350

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

6.2 AI score · 0.0041 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2022/10/12 12:0 a.m. · 5 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.3 AI score · 0.00698 EPSS
Exploits: 1 · References: 3

CNNVD
added 2022/10/12 12:0 a.m. · 7 views

Zimbra Collaboration Suite cross-site scripting vulnerability

Synacor Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...

6.1 CVSS · 6.5 AI score · 0.0041 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2022/10/12 12:0 a.m. · 11 views

CVE-2022-41349

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

6.2 AI score · 0.0036 EPSS
Exploits: 0 · References: 2

NVD
added 2022/10/11 6:15 p.m. · 13 views

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows injection of arbitrary JavaScript in the edit account form...

5.4 CVSS · 0.00388 EPSS
Exploits: 0 · References: 1

NVD
added 2022/10/11 6:15 p.m. · 19 views

CVE-2022-42235

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form...

5.4 CVSS · 0.00465 EPSS
Exploits: 1 · References: 1

Prion
added 2022/10/11 6:15 p.m. · 11 views

Cross site scripting

A Stored XSS issue in Merchandise Online Store v.1.0 allows injection of arbitrary JavaScript in the edit account form...

4.9 CVSS · 5.4 AI score · 0.00388 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/10/11 12:0 a.m. · 43 views

CVE-2022-42236

CVE-2022-42236 affects Merchandise Online Store v1.0. A Stored XSS issue exists in the edit account form that allows injection of arbitrary JavaScript. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE listings) and is associated with a MEDIUM base score (CVSSv3.1: AV:N/AC:...

5.4 CVSS · 5.3 AI score · 0.00388 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/10/11 12:0 a.m. · 20 views

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows injection of arbitrary JavaScript in the edit account form...

5.6 AI score · 0.00388 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/10/11 12:0 a.m. · 4 views

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows injection of arbitrary JavaScript in the edit account form...

6.2 AI score · 0.00388 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2022/10/06 12:0 a.m. · 3 views

The vulnerability of Mozilla Firefox browser and the Thunderbird email client relates to deficiencies in HTTP request processing, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures, bypass security restrictions, access confidential information, or execute...

7.5 CVSS · 7.1 AI score · 0.00559 EPSS
Exploits: 0 · References: 8 · Affected Software: 5

BDU FSTEC
added 2022/10/06 12:0 a.m. · 4 views

The vulnerability of the Mozilla Firefox browser lies in the insufficient resource control during the processing of XML documents. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the Mozilla Firefox browser is related to insufficient resource control during the processing of XML documents. Exploiting this vulnerability allows a malicious actor to cause service failures, bypass security restrictions, access confidential information, or execute arbitrar...

6.4 CVSS · 8 AI score · 0.00586 EPSS
Exploits: 0 · References: 4 · Affected Software: 3

RedHat Linux
added 2022/10/04 3:35 p.m. · 7 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2 CVSS · 5.8 AI score · 0.00834 EPSS
Exploits: 0 · References: 5

ATTACKERKB
added 2022/10/03 12:0 a.m. · 2 views

CVE-2022-38709

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.1 CVSS · 5.5 AI score · 0.0042 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2022/09/29 3:15 a.m. · 20 views

Code injection

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...

4.3 CVSS · 5.3 AI score · 0.00637 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/09/28 12:0 a.m. · 3 views

PT-2022-15401 · Ibm · Ibm Application Gateway

Name of the Vulnerable Software and Affected Versions: IBM Application Gateway (affected versions not specified). Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trust...

5.4 CVSS · 5.5 AI score · 0.00367 EPSS
Exploits: 0 · References: 4