1051 matches found
CVE-2021-20644
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...
CVE-2021-20644
CVE-2021-20644 affects ELECOM WRC-1467GHBK-A. The vulnerability arises in the web setup page where displaying a specially crafted SSID can cause arbitrary scripts to execute in a user’s browser (cross-site scripting). The connected documents confirm the affected product and the impact as script e...
Luxion KeyShot Path Traversal Vulnerability
Luxion KeyShot is software from Luxion USA for designing photos of 3D scenes. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A path traversal vulnerability exists in the Luxion KeySh...
Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2021-07243)
Mitel MiCollab is an enterprise collaboration software and tools platform solution. A cross-site scripting vulnerability exists in NuPoint Messenger Portal for Mitel MiCollab versions prior to 9.2. The vulnerability stems from insufficient input validation. An attacker could exploit the...
CVE-2020-25609
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22655)
Six Apart Movable Type (MT) is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...
CVE-2020-16030
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
Six Apart Movable Type Cross-Site Scripting Vulnerability
Six Apart Movable Type (MT) is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...
KonaWiki3 cross-site scripting vulnerability
KonaWiki3 is a very simple PHP Wiki engine. KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...
CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs...
Remote Code Execution (RCE)
Blueman is vulnerable to remote code execution (RCE). On systems with ISC DHCP client (dhclient), attackers can pass arguments to ip link with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client,...
CVE-2020-5650
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2020-24594
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...
Remote code execution
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform...
CVE-2020-12456
CVE-2020-12456 affects Mitel MiVoice Connect Client prior to 214.100.1223.0. The issue arises from improper rendering of chat messages in the chat notification window, enabling remote code execution. A successful exploit could allow an attacker to steal session cookies, perform directory traversa...
Citrix ADC Reflected Cross Site Scripting (CVE-2020-8191)
A reflected cross-site scripting vulnerability exists in Citrix ADC and Citrix Gateway. The vulnerability is due to insufficient input validation in the web-based management interface. Successful exploitation could result in execution of arbitrary scripts on the affected system...
Input validation
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents...
CVE-2020-6470
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents...