CVE-2021-39175 XSS vector in slide mode speaker-view

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

ZEIT Next.js 跨站脚本漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js versions 10.0.0 to 11.0.0 have a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary js commands...

GHSA-GX5W-RRHP-F436 XSS in mdBook

This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

Input validation

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

rConfig Cross-Site Scripting Vulnerability (CNVD-2021-102379)

rConfig is an open source network configuration management utility. rConfig version 3.9.5 contains a cross-site scripting vulnerability that can be exploited by remote attackers to execute arbitrary JavaScript code by entering a specific payload and saving it...

CVE-2020-25352

A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...

CVE-2021-34228

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

CVE-2021-34207

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field...

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

CVE-2021-34228

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

Cross site scripting

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

Cross site scripting

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field...

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

rConfig 跨站脚本漏洞

rConfig is an open source network configuration management utility. rConfig version 3.9.5 contains a cross-site scripting vulnerability that can be exploited by remote attackers to execute arbitrary JavaScript code by entering a specific payload and saving it...

TotoLink A3002RU 跨站脚本漏洞

TOTOLINK A3002RU is a wireless router product from Taiwan-based TOTOLINK Corporation. tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 contains a security vulnerability that allows attackers to exploit it by modifying the " username" field or "password" field to execute arbitrary...

CVE-2021-39268

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...