CVE-2022-38195 BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server

There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

Esri Arcgis Server 跨站脚本漏洞

Esri Arcgis Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute Esri. A security vulnerability exists in Esri Arcgis Server versions 10.8.1 and 10.7.1, which stems from a cross-site scripting vulnerability ...

Dependency-Track 安全漏洞

Dependency-Track is an intelligent supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in versions of Dependency-Track prior to 4.6.1 that stems from not coding or cleaning up the output of Showdown, which allows arbitrary JavaScri...

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is a web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute Esri. A cross-site scripting vulnerability exists in Esri ArcGIS Server version 10.9.1 and earlier, which stems from the presence of a...

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient escaping on the Blog Name value. An attacker can manipulate the output and execute arbitrary JavaScript by...

Cross-site scripting vulnerability in Import Files function of multiple Siemens products

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

CVE-2022-41350

In Zimbra Collaboration Suite ZCS 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

Zimbra Collaboration Suite 跨站脚本漏洞

Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...

CVE-2022-41349

In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form...

CVE-2022-42235

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form...

Cross site scripting

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form...

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form...

CVE-2022-42236

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form...

CVE-2022-42236

CVE-2022-42236 affects Merchandise Online Store v1.0. A Stored XSS issue exists in the edit account form that allows injection of arbitrary JavaScript. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE listings) and is associated with a MEDIUM base score (CVSSv3.1: AV:N/AC:...

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVE-2022-38709

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Code injection

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...