7613 matches found
Cross site scripting
A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute...
CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...
CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...
CVE-2022-45122
Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.5301 and earlier Movable Type Advanced 7 Series, Movable Type 6.8.7 and earlier Movable Type 6 Series, Movable Type Advanced 6.8.7 and earlier Movable Type Advance...
CVE-2022-37406
CVE-2022-37406 affects Ricoh Aficio SP 4210N firmware versions prior to Web Support 1.05. The vulnerability is a cross-site scripting (XSS) issue in Web Image Monitor that can be exploited by a remote, authenticated attacker with administrative privileges to inject arbitrary scripts. Remediation ...
CVE-2022-43660
Improper neutralization of Server-Side Includes SSW within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable...
CVE-2022-42458
CVE-2022-42458 affects bingo!CMS versions 1.7.4.1 and earlier, where an authentication bypass vulnerability in management functions allows remote, unauthenticated attackers to upload arbitrary files, potentially enabling arbitrary script execution or file modification. The Red Hat and JVN entries...
CVE-2022-42486
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...
CVE-2022-43706
Cross-site scripting XSS vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users...
CVE-2022-43706
Cross-site scripting XSS vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users...
CVE-2022-43499
Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
Cross site scripting
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
Cross site scripting
Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions prior to 6.0.3. An attacker exploiting this...
CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...
CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...