Cybozu Remote Service Cross-Site Scripting Vulnerability

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to inject arbitrary scripts...

Cross-Site Scripting (XSS)

prestashop/pslinklist is vulnerable to cross-site scripting. The vulnerability exists because the custom URLs are not validated in 'buildForm' function in 'CustomUrlType.php' allowing a malicious attacker to inject arbitrary scripts...

Apache NiFi OS Command Injection Vulnerability

Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system mediation logic. versions prior to Apache NiFi MiNiFi C version 0.5.0 have security vulnerabilities that allow an...

CVE-2020-21494

A cross-site scripting XSS vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...

CVE-2020-23481

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field...

Cross site scripting

The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...

CVE-2020-19265

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19266

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

JEESNS 跨站脚本漏洞

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the system error message text field...

The vulnerability of the PopojiCMS content management system arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary web or HTML scripts.

The vulnerability in the /admin.php?mod=user&act=addnew function of the PopojiCMS content management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML scripts by using a special...

CVE-2021-34645

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

Cross site request forgery (csrf)

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

CVE-2021-34666 Add Sidebar <= 2.0.0 Reflected Cross-Site Scripting

The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the /wpsidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0...

CVE-2020-21362

A cross site scripting XSS vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2021-59719)

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in some of the email functions in Cybozu Garoon. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

Liferay Portal 和 Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2021-59740)

A cross-site scripting vulnerability exists in Scheduler in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

Cybozu Garoon Bulletin Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Bulletin in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2021-59722)

A cross-site scripting vulnerability exists in some functions of Cybozu Garoon's group email. An attacker can exploit this vulnerability to execute arbitrary scripts on the logged-in user's Web browser...

Cybozu Garoon Message Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Message in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...