JEESNS stored cross-site scripting vulnerability (CNVD-2021-74059)

JEESNS is a social management system developed on JAVA's enterprise-level platform. A stored cross-site scripting vulnerability exists in the /member/picture/album component in JEESNS version 1.4.2. The vulnerability can be exploited to execute arbitrary web script or HTML via a specially crafted...

JEESNS Stored Cross-Site Scripting Vulnerability

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the article comment section...

JEESNS Stored Cross-Site Scripting Vulnerability (CNVD-2021-74056)

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the editor's source field...

EyouCMS Cross-Site Scripting Vulnerability (CNVD-2021-82430)

EyouCms is a free and open source enterprise content management system based on the TP5.0 framework that focuses on the needs of enterprise website users. A remote attacker can use the title parameter in the bindemail function to inject arbitrary web script or HTML...

Cross site scripting

A Cross-site scripting XSS vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the title parameter in bindemail function...

Oracle Fatwire Cross Site Scripting

A cross-site scripting vulnerability exists in Oracle Fatwire. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

DRK Odenwaldkreis Testerfassung Cross-Site Scripting Vulnerability

DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and recording rapid test results for corona antigens.A cross-site scripting vulnerability exists in DRK Odenwaldkreis Testerfassung March-2021, which can be exploited by attackers to inject arbitrary web script or HTML via a...

CVE-2020-19049

Cross Site Scripting XSS in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'...

Cross site scripting

A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...

CVE-2021-27558

A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...

EyouCms Cross-Site Scripting Vulnerability

EyouCms EyouCms is a ThinkPHP-based open source content management system CMS from Hainan Zanzan Network Technology Co. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

CVE-2018-17861

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

Cross site scripting

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search...

Cross site scripting

UNSUPPORTED WHEN ASSIGNED A cross-site scripting XSS vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2018-17861

A cross-site scripting XSS vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2013-4718

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search...

Cross site scripting

Cross-site scripting XSS vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...

CVE-2021-33339

CVE-2021-33339 is a cross-site scripting (XSS) vulnerability affecting Liferay Portal 7.2.1–7.3.4 and Liferay DXP 7.2 prior to fix pack 9. The issue is triggered via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter in the Fragment module, enabling remote attackers to inject...

Cross site scripting

Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2021-33328

Cross-site scripting XSS vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the 1...