7613 matches found
CVE-2022-40690
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2022-40690
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
Cisco Identity Services Engine XSS (cisco-sa-ise-xss-twLnpy3M)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting XSS vulnerability due to insufficient input validation in the External RESTful Services ERS API. An attacker could exploit this vulnerability by persuading an authenticated administrator o...
CVE-2022-41358
A stored cross-site scripting XSS vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-5694-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5694-1 advisory. It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a...
SUSE-SU-2022:3650-1 Security update for libreoffice
This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 jscSLE-23447: - CVE-2022-3140: Fixed macro URL arbitrary script execution bsc1203209. - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation bsc1201868. - CVE-2022-26307: Fixed...
CVE-2022-3140
A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...
PT-2022-24615 · Liferay · Liferay Digital Experience Platform
Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting XSS issue in the Blog module's add new topic functionality allows remote attackers to inject arbitrary JS script or HTML into the name field of newly...
CVE-2022-35612
A cross-site scripting XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...
Debian DSA-5252-1 : libreoffice - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5252 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific t...
CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
Design/Logic Flaw
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
UBUNTU-CVE-2022-3140
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
Cross-Site Scripting (XSS)
bodhi is vulnerable to cross-site scripting. The vulnerability exists in overrides.html and updates.html because the input from the query parameter is auto-escaped and doesn't reflected back which allows an attacker to inject and execute arbitrary script...
CVE-2022-3140 Macro URL arbitrary script execution
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...
CVE-2022-3140
CVE-2022-3140 affects The Document Foundation LibreOffice: 7.4.x before 7.4.1 and 7.3.x before 7.3.6. Root cause is insufficient validation of the vnd.libreoffice.command URI scheme, which could be used to call internal macros with arbitrary arguments. When a user clicks the crafted link or a doc...