7613 matches found
Cross site scripting
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...
Cross site scripting
Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series...
CVE-2022-22146
CVE-2022-22146 affects TransmitMail (PHP) versions 2.5.0–2.6.1. Public docs identify two issues: (1) a directory traversal vulnerability (CWE-22) that can allow reading arbitrary files, and (2) a cross-site scripting vulnerability (CWE-79) that can inject scripts into a user’s browser. The CVE de...
CVE-2022-21805
Reflected cross-site scripting vulnerability in the attached file name of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2022-21799
Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors...
CVE-2022-21241
CSV+ prior to 0.8.1 is vulnerable to cross-site scripting: a remote unauthenticated attacker can inject arbitrary script or OS commands via a specially crafted CSV containing an HTML tag. Affected versions are CSV+ before 0.8.1; remediation is to update to v0.8.1 or later. CVSS details in source...
CVE-2022-21241
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...
CVE-2021-20877
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series...
CVE-2021-20877
CVE-2021-20877 is a stored cross-site scripting (XSS) vulnerability affecting Canon laser printers and related small office multifunction devices (many LBP, MF, imageRUNNER series) sold in Japan, the US, and Europe. The issue allows remote attackers to inject arbitrary script via unspecified vect...
CSV+ vulnerable to cross-site scripting
Overview: CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability (CWE-79). Satoki Tsuji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: If a CSV file containing a t...
Design/Logic Flaw
Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in work flow management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...
CVE-2022-22868
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary script via name parameters...
CVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
GLPI cross-site scripting vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...