AKCP sensorProbe SPX476 Cross Site Scripting

Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting XSS Date: 07-01-2021 Exploit Author: Tyler Butler Vendor Homepage: https://www.akcp.com/ Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/ Advisory:...

AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting XSS Date: 07-01-2021 Exploit Author: Tyler Butler Vendor Homepage: https://www.akcp.com/ Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/ Advisory:...

Exploit for Cross-site Scripting in Akcp Sensorprobe2_Firmware

CVE-2021-35956. Proof of Concept Exploit for CVE-2021-35956,...

CVE-2021-35956

Stored cross-site scripting XSS in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email from/to/cc, System Name, and System Location fields...

CVE-2021-33604

CVE-2021-33604 affects Vaadin Flow Server in development mode handler. The vulnerability is caused by a URL encoding error in the development mode handler of com.vaadin:flow-server, affecting versions 2.0.0–2.6.1 (Vaadin 14.0.0–14.6.1) and 3.0.0–6.0.9 (Vaadin 15.0.0–19.0.8). The underlying issue ...

CVE-2021-33604 Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser...

vaadin:flow-server 安全漏洞

Vaadin flow is a software application.The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server that stems from a URL encoding error in the development mode handler. T...

Cross-Site Scripting (XSS)

striptags is vulnerable to cross-site scripting XSS. A type-confusion vulnerability occurs when concatenating unsanitized strings when an array-like object is passed in as the html parameter. An attacker who is able to control the shape of their input can abuse this behavior to inject and execute...

in polonel/trudesk

💥 BUG Stored xss via file upload 💥 IMPACT Stored xss allow to execute arbitary javascript in victim trudesk account External user also can execute xss in admin account here. 💥 STEP TO REPRODUCE 1. First from admin goto http://localhost:8118/teams and create a team called team2.\ Now goto...

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss using fullname 💥 IMPACT There is no xss filter present . Using this stored xss external user can attack admin and can execute arbitary javascript code in vicitm account . TESTED VERSION ========== trudesk 1.1.5 💥 STEP TO REPRODUCE 1. First goto...

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server

💥 BUG Stored xss bug against admin . 💥 TESTED VERSION v2021.3.6 💥 IMPACT lower level user can make xss attack against admin . Using xss bug attacker can execute arbitary javascript in victim account .\ Thus lower level user can execute arbitary javascript in admin account using this xss and can...

Cross-site Scripting (XSS)

datasette is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the ?trace=1 debugging feature...

CVE-2021-32106

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

CVE-2021-32106

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET'replace' variable. As a result, arbitrary Javascript code can get executed...

APSB21-39 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM. These updates resolve vulnerabilities rated Important and moderate. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...

IBM Engineering Lifecycle Optimization - Engineering Insights Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization - Engineering Insights is a collaborative Web-based application that unlocks engineering data from a variety of lifecycle management applications to give you the information you need to make the best engineering decisions. A cross-site scripting vulnerabilit...

CVE-2021-29670

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2021-38670)

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...

IBM Engineering Lifecycle Optimization 跨站脚本漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...