Lucene search

3237 matches found

RedhatCVE
added 2021/03/10 5:3 p.m., 46 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

CVSS 6.5, AI score 2, EPSS 0.03207
Exploits 0, References 3

CNNVD
added 2021/03/10 12:0 a.m., 2 views

Adobe Creative Cloud Desktop Application Cross-Site Scripting Vulnerability

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0.5 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS 6.1, AI score 5.6, EPSS 0.01062
Exploits 0, References 3

CNVD
added 2021/03/10 12:0 a.m., 5 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2021-18028)

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0.5 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS 6.1, AI score 6.3, EPSS 0.00829
Exploits 0, References 1

NVD
added 2021/03/05 9:15 p.m., 7 views

CVE-2020-29029

Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...

CVSS 7.3, EPSS 0.0027
Exploits 0, References 1

Cvelist
added 2021/03/05 7:10 p.m., 13 views

CVE-2020-29028 Reflected XSS issues

Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...

CVSS 6.3, AI score 6, EPSS 0.00285
Exploits 0, References 1

Prion
added 2021/03/04 7:15 p.m., 18 views

Cross site scripting

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...

CVSS 3.5, AI score 5.1, EPSS 0.0025
Exploits 0, References 2, Affected Software 7

CNVD
added 2021/03/02 12:0 a.m., 5 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-14787)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...

CVSS 5.4, AI score 6.1, EPSS 0.0025
Exploits 0, References 1

NVD
added 2021/02/26 3:15 p.m., 8 views

CVE-2021-3010

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

CVSS 5.4, EPSS 0.00187
Exploits 1, References 2

Prion
added 2021/02/26 3:15 p.m., 9 views

Cross site scripting

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

CVSS 3.5, AI score 5.4, EPSS 0.00187
Exploits 1, References 2, Affected Software 1

CNNVD
added 2021/02/26 12:0 a.m., 1 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...

CVSS 5.4, AI score 6.4, EPSS 0.0025
Exploits 0, References 4

CNNVD
added 2021/02/26 12:0 a.m., 2 views

OpenText Cross-Site Scripting Vulnerability

OpenText Content Server is a secure enterprise mobile content management system. A cross-site scripting vulnerability exists in OpenText Content Server 'multiple', which can be exploited by a remote attacker to introduce arbitrary JavaScript by creating malicious form values that will not be...

CVSS 5.4, AI score 6, EPSS 0.00187
Exploits 1, References 3

0day.today
added 2021/02/23 12:0 a.m., 24 views

Monica 2.19.1 - (last_name) Stored XSS Vulnerability

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...

CVSS 5.4, AI score 5.9, EPSS 0.00297
Exploits 4

CNVD
added 2021/02/19 12:0 a.m., 5 views

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2021-11047)

IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...

CVSS 5.4, AI score 5.9, EPSS 0.00187
Exploits 0, References 1

Prion
added 2021/02/18 3:15 p.m., 13 views

Cross site scripting

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 3.5, AI score 5.2, EPSS 0.00187
Exploits 0, References 2, Affected Software 1

OSV
added 2021/02/11 8:15 p.m., 12 views

CVE-2021-21030

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

CVSS 8.1, AI score 5.5
Exploits 0, References 1

Cvelist
added 2021/02/11 7:29 p.m., 22 views

CVE-2021-21029 Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required...

CVSS 4.8, AI score 5.1, EPSS 0.43501
Exploits 1, References 1

Cvelist
added 2021/02/11 7:29 p.m., 12 views

CVE-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

CVSS 8.1, AI score 7.4, EPSS 0.06281
Exploits 0, References 1

OSV
added 2021/02/10 10:15 p.m., 0 views

CVE-2020-24842

PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser...

CVSS 6.1, AI score 5.9, EPSS 0.00255
Exploits 0, References 1

NVD
added 2021/02/10 10:15 p.m., 11 views

CVE-2020-24842

PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser...

CVSS 6.1, EPSS 0.00255
Exploits 0, References 1

Veracode
added 2021/02/10 6:17 a.m., 16 views

Cross-site Scripting (XSS)

roundcube is vulnerable to cross-site scripting (XSS). The vulnerability exists through specific CSS token sequences during HTML email rendering which allows an attacker to inject and execute arbitrary javascript...

CVSS 5.4, AI score 1.5, EPSS 0.00259
Exploits 0, References 7, Affected Software 2