CVE-2021-39268

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

Cross site scripting

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

CVE-2021-39268

CVE-2021-39268 : Persistent XSS in SuiteCRM web interface prior to 7.11.19. An attacker can inject arbitrary JavaScript via malicious SVG files because the clean_file_output protection can be bypassed. Impact is remote code execution of JavaScript with LOW integrity impact and no confidentiality/...

CVE-2021-39268

Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the cleanfileoutput protection mechanism can be bypassed...

Tastylgniter Cross-Site Scripting Vulnerability

TastyIgniter is a free open source restaurant online ordering system based on Laravel PHP Framework. A cross-site scripting vulnerability exists in Tastylgniter 3.0.7, which originates from the lack of validation of user-submitted data in the /account, /reservation, /admin/dashboard, and...

GHSA-PHWJ-86VX-CFJC Cross-site scripting in Apache Jena Fuseki

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

Cross-site Scripting (XSS)

curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser when used as a template library due to lack of user input sanitization...

CVE-2021-37470

In NCH WebDictate v2.13, persistent Cross Site Scripting XSS exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...

CVE-2021-37470

CVE-2021-37470 : In NCH WebDictate v2.13, a persistent Cross-Site Scripting (XSS) flaw exists in the Recipient Name field. An authenticated user can modify this field to inject arbitrary JavaScript, enabling script execution associated with the user’s session. Documented references confirm the vu...

Cross-Site Scripting (XSS)

typo3/cms is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via backend layouts...

CVE-2021-35054

Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files...

Atlassian JIRA Server 跨站脚本漏洞

Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing various types of issues and defects in work. A cross-site scripting vulnerability exists in Atlassian Jira Server, which can be exploite...

Etherpad 跨站脚本漏洞

Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time.A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-57185)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-57184)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...

CVE-2021-21802

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVE-2021-21803

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

PT-2021-14784 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...

PT-2021-14785 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...

Advantech R-SeeNet 跨站脚本漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...