
3290 matches found

NVD
added 2021/05/19 3:15 p.m. · 13 views

CVE-2021-31930

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the...

CVSS 6.1 · EPSS 0.00921
Exploits: 0 · References: 2
Prion
added 2021/05/19 3:15 p.m. · 12 views

Cross site scripting

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the...

CVSS 4.3 · AI score 5.8 · EPSS 0.00921
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/05/19 2:6 p.m. · 11 views

CVE-2021-31930

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the...

AI score 6 · EPSS 0.00921
Exploits: 0 · References: 2
BDU FSTEC
added 2021/05/19 12:0 a.m. · 4 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken to protect the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Magento Commerce development and management software platform relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser, through access with...

CVSS 4.9 · AI score 5.9 · EPSS 0.0161
Exploits: 0 · References: 3 · Affected Software: 2
BDU FSTEC
added 2021/05/19 12:0 a.m. · 5 views

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 6.1 · AI score 6.9 · EPSS 0.02043
Exploits: 0 · References: 3 · Affected Software: 1
Atlassian
added 2021/05/18 5:47 p.m. · 52 views

XSS in Issue Type /editworkflowscheme.jspa - CVE 2021-26080

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript: Affected versions: version 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

CVSS 6.1 · AI score 4.8 · EPSS 0.0095
Exploits: 0 · Affected Software: 1
Atlassian
added 2021/05/18 5:47 p.m. · 40 views

XSS in Issue Type /editworkflowscheme.jspa - CVE 2021-26080

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the EditWorkflowScheme.jspa component which allows remote attackers to inject arbitrary HTML or JavaScript: Affected versions: version 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

CVSS 6.1 · AI score 5.8 · EPSS 0.0095
Exploits: 0
CNVD
added 2021/05/12 12:0 a.m. · 10 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-49191)

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScri...

CVSS 7.3 · AI score 6.3 · EPSS 0.01816
Exploits: 0 · References: 1
CNNVD
added 2021/05/12 12:0 a.m. · 5 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScri...

CVSS 7.3 · AI score 5.6 · EPSS 0.01816
Exploits: 0 · References: 4
RedhatCVE
added 2021/05/11 8:54 p.m. · 45 views

CVE-2021-3529

A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an...

CVSS 7.1 · AI score 0.8 · EPSS 0.007
Exploits: 0 · References: 3
Positive Technologies
added 2021/05/11 12:0 a.m. · 4 views

PT-2021-3404 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...

CVSS 6.9 · AI score 5.2 · EPSS 0.01397
Exploits: 0 · References: 10
Adobe
added 2021/05/11 12:0 a.m. · 36 views

APSB21-15 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...

AI score 7.3
Exploits: 0 · Affected Software: 1
Node.js
added 2021/05/10 3:38 p.m. · 64 views

Cross-Site Scripting

Overview: A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned. Recommendation: Avoid using quill as there ...

CVSS 4.3 · AI score 3.2 · EPSS 0.01311
Exploits: 1 · Affected Software: 1
Veracode
added 2021/05/10 2:17 a.m. · 16 views

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the application fails to sanitize href tag values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser...

CVSS 6.1 · AI score 3.9 · EPSS 0.00733
Exploits: 0 · References: 2 · Affected Software: 1
Exploit DB
added 2021/05/10 12:0 a.m. · 592 views

PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS) · Date: May 3rd 2021 · Exploit Author: Tyler Butler · Vendor Homepage: http://timeclock.sourceforge.net · Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ · Version: 1.04 · Tested on...

AI score 7.4
Exploits: 0
Node.js
added 2021/05/07 4:49 p.m. · 183 views

Cross-site scripting in bootstrap-select

Overview: bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: Upgrade to version 1.13.6 or later. References: CVE, GitHub Advisory...

CVSS 4.3 · AI score 5.3 · EPSS 0.01717
Exploits: 0 · Affected Software: 1
NVD
added 2021/05/06 10:15 p.m. · 16 views

CVE-2020-23263

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

CVSS 6.1 · EPSS 0.00844
Exploits: 0 · References: 1
OSV
added 2021/05/06 10:15 p.m. · 13 views

CVE-2020-23263

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

CVSS 6.1 · AI score 6.8
Exploits: 0 · References: 1
Cvelist
added 2021/05/06 9:42 p.m. · 15 views

CVE-2020-23263

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

AI score 6.3 · EPSS 0.00844
Exploits: 0 · References: 1
Veracode
added 2021/04/29 12:6 a.m. · 18 views

Cross-Site Scripting (XSS)

drupal is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the attributename parameter...

CVSS 6.1 · AI score 4.3 · EPSS 0.00661
Exploits: 0 · References: 2 · Affected Software: 3