Cross-site Scripting (XSS)

ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in parse function of AjaxPro/core.js in when parsing json input which allows a malicious attacker to inject and execute arbitrary javascript...

Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin

Description grav-plugin-admin 1.10.25 has a Stored-XSS vulnerability that is executed when metadata information of a file whose name contains javascript are shown. Proof of Concept 1 - After installing grav+admin browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...

Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton

Description Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization. Proof of Concept 1. 1.Start a new web conference and share the link with other people 2. 2.A malicious user joins the conference with the following username: 3. 3.As soon as the...

CVE-2021-29116

A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...

Cross-site Scripting (XSS)

snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in API response in transformAsset function of AssetsTransformer.php is not properly encoded which allows an attacker to inject and execute arbitrary Javascript...

CVE-2021-38982

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

UBUNTU-CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

CVE-2020-4140

IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052...

GNU Mailman 跨站脚本漏洞

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...

Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. Detail...

Cross site scripting

Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

UBUNTU-CVE-2021-22260

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...

CVE-2021-22260

Removed by vendor...

CVE-2021-38407

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code...

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2021-84238)

IBM InfoSphere Information Server is a data integration platform from IBM Corporation in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a security vulnerability that allows users to embed arbitrary...

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled allowing a malicious attacker to send and execute arbitrary Javascript...

Cross-site Scripting (XSS)

jQuery-UI is vulnerable to cross-site scripting. The value of 'of' option of the '.position' in 'position.js' is not properly encoded, which allows a malicious attacker to inject and execute arbitrary Javascript...

Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19844)

Snipe-IT is an open source IT asset/license management system. Snipe-IT suffers from a cross-site scripting vulnerability that stems from the fact that the program is vulnerable to incorrect input during web page generation, which could be exploited by an attacker to execute arbitrary JavaScript...