Code injection
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted website...
The vulnerability of the Adobe Connect instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
OpenAsset Digital Asset Management software Cross-Site Scripting Vulnerability
OpenAsset is a digital asset management software for the website building industry from OpenAsset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...
OpenAsset Digital Asset Management software Cross-Site Scripting Vulnerability
OpenAsset is a digital asset management software for the website building industry from OpenAsset UK. A cross-site scripting vulnerability exists in the OpenAsset Digital Asset Management software that originates from allowing remote attackers to inject arbitrary JavaScript or HTML via...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Cross-Site Scripting (XSS)
MediaWiki is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser by creating a message with javascript:payload xss as a jQuery object with mw.message.parse...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via post slugs...
Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post = 1.1.5 allow low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded. PoC 1. As a contributor, go into "Portfolios" tab from the sidebar and create a ne...
DEBIAN-CVE-2020-27783
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2020-68256)
IBM Jazz Reporting Service (JRS) is a suite of ready-to-use reporting components from IBM in the United States. The product includes features such as report generation, data collection and lifecycle queries. IBM Jazz Reporting Service has a security vulnerability that makes it susceptible to stored...
Bugventure Jsen Security Breach
Bugventure Jsen is a JS package for verifying JSON objects from the individual developer Bugventure. A security vulnerability exists in jsen that can be exploited by an attacker to take control of a schema file, which can then be used to run arbitrary JavaScript code on the victim machine...
Cross-Site Scripting (XSS)
Firefox is vulnerable to cross-site scripting (XSS). Removing HTML elements during sanitization would keep existing SVG event handlers, allowing an attacker to subsequently execute arbitrary JavaScript in a user's browser...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...
Cross-Site Scripting (XSS)
prestashop/productcomments is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via various parameters within the application. The vulnerability exists as the content-type of the server response is not set to...
Cross-Site Scripting (XSS)
handsontable is vulnerable to cross-site scripting (XSS). The package fails to sanitize HTML before displaying it in a user's browser, allowing an attacker to insert and execute arbitrary JavaScript via the built-in functionalities...
Cross-Site Scripting (XSS)
jinja2 is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript through the gettext and ngettext functions due to the lack of output sanitization...