Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29815)

Summary IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability...

IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki

✍️ Description Stored XSS in action 🕵️‍♂️ Proof of Concept 1. Navigate to "index.php?action=alert1;&page=Main Page" 2. See XSS executed 💥 Impact With this vulnerability, You can run arbitrary java script on all users...

IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

CVE-2021-39307

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...

Cross-site scripting in ICEcoder

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

GHSA-JF9V-Q8VH-3FMC Cross-site scripting in ICEcoder

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

ClinicCases Cross-Site Scripting Vulnerability (CNVD-2022-05858)

ClinicCases is an open source case management system designed for law school clinics.A cross-site scripting vulnerability exists in ClinicCases version 7.3.3, which stems from a lack of effective validation and filtering of user-submitted parameters by the software. The vulnerability allows a low...

LibreNMS Cross-Site Scripting Vulnerability (CNVD-2021-93896)

LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool. a stored cross-site scripting vulnerability exists in API access pages in versions of LibreNMS prior to 21.3.0. The vulnerability stems from insufficient validation of the $api-description variable. An attacker could use this...

Cross site scripting

In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...

Gibbon 跨站脚本漏洞

Gibbon is a school platform that solves real-world problems that educators encounter every day. A cross-site scripting vulnerability exists in Gibbon application version 22 that allows arbitrary execution of JavaScript code...

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

CVE-2021-29852

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528...

CVE-2021-34562

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...

HedgeDoc Cross-Site Scripting Vulnerability (CNVD-2021-93909)

HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page...

IBM Maximo Asset Management has an unspecified vulnerability (CNVD-2021-66912)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution enables the management of all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control over those assets.IBM Maximo...

CVE-2021-39175

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

CVE-2021-39175 XSS vector in slide mode speaker-view

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

ZEIT Next.js 跨站脚本漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js versions 10.0.0 to 11.0.0 have a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary js commands...

GHSA-GX5W-RRHP-F436 XSS in mdBook

This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...