6892 matches found
CVE-2021-29046
Cross-site scripting XSS vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the comliferayassetcategoriesadminwebportletAssetCategoriesAdminPortlettitle...
CVE-2021-29045
Cross-site scripting XSS vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2021-29039
Cross-site scripting XSS vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name...
Cross site scripting
Cross-site scripting XSS vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name...
NoneCms Cross-Site Scripting Vulnerability (CNVD-2021-34498)
NoneCms is a simple and compact open-source content management system that can be used to quickly build corporate sites, personal blogs, and support mobile. NoneCms 1.3.0 version of static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf cross-site scripting vulnerability. The...
Cross site request forgery (csrf)
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack...
CVE-2020-23370
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML...
CVE-2021-32092
A Cross-site scripting XSS vulnerability in the DocumentAction component of U.S. National Security Agency NSA Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter...
Cross site scripting
A Stored XSS vulnerability in interface/usergroup/usergroupadmin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter...
GHSA-V47F-VP3P-5J6H Cross-site scripting in ThinkAdmin
ThinkAdmin version v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...
PHPFusion < 8.00.90 / 9.x < 9.10.00 XSS/CSRF Vulnerability
PHPFusion is prone to a cross-site scripting XSS and cross-site request forgery CSRF vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Cross-site scripting in papermerge
Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...
CVE-2020-23761
Cross Site Scripting XSS vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...
Cross site scripting
Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...
Cross site scripting
Cross Site Scripting XSS vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...
CVE-2020-23762
Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...
CVE-2020-23761
Cross Site Scripting XSS vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...
Cross site scripting
A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...
Cross site scripting
Cross-Site Scripting XSS in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields...
CVE-2021-28047
Cross-Site Scripting XSS in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields...