7613 matches found
Cisco Webex Video Mesh Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...
Cisco Firepower Management Center Software Multiple Vulnerabilities (cisco-sa-fmc-xss-openredir-TVPMWJyg)
The version of Cisco Firerpower Management Center installed on the remote host is affected by multiple vulnerabilities as referenced in the cisco-sa-fmc-xss-openredir-TVPMWJyg advisory, as follows: - An authenticated, remote attacker can exploit a vulnerability in the web-based management interfa...
Tiki Wiki 跨站脚本漏洞
Tiki Wiki is a Php-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4, which allows an attacker to execute arbitrary web script or HTML by adding a payload under the Events module...
Tiki Wiki 跨站脚本漏洞
Tiki Wiki is a Php-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4 that allows an attacker to execute arbitrary web script or HTML via a crafted payload under the Create Category module...
Cisco TelePresence Management Suite Stored XSS (cisco-sa-tms-xss-CwjZJSQc)
According to its self-reported version, Cisco TelePresence Management Suite is affected by a stored cross-site scripting XSS vulnerability in its web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can...
Sourcecodester Customer Relationship Management System 代码问题漏洞
Sourcecodester Customer Relationship Management System is an open source Php project by the individual developer Carlo Montero. Used to provide an online platform for companies to manage interactions with their customers or prospects. A file upload vulnerability exists in Sourcecodester Customer...
CVE-2020-5669
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Rocket.Chat: XSS in various MessageTypes
The Rocket.Chat vulnerability allowed arbitrary script execution in the receiving frontend client through the rendering of messages of various MessageTypes. The vulnerability affected versions 3.18.2 and 4.0.3. The issue was caused by the lack of sanitization of message parameters rendered from...
CVE-2020-36499
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting XSS vulnerability in the content parameter of the Rubric Block Add module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...
Cross site scripting
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...
Fork CMS 跨站脚本漏洞
Fork CMS is an open source content management system CMS developed using PHP. The system contains blogs , questions and answers , forms and other modules . A cross-site scripting vulnerability exists in Fork CMS Content Management System version 5.8.0, which can be exploited by an attacker to...
Sugarcrm SugarCRM 跨站脚本漏洞
Sugarcrm SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM Sugarcrm, USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking of sales representatives. SugarC...
CVE-2021-34760
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...
Cross site scripting
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...
CVE-2021-34789
Cisco Tetration’s web-based management interface contains a stored XSS flaw caused by insufficient input validation. An authenticated attacker with valid administrative credentials could inject malicious scripts into specific interface pages, allowing execution of arbitrary script in the affected...
CVE-2021-34760 Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...
CVE-2021-20807
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20805
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20798
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...