7613 matches found
DzzOffice 跨站脚本漏洞
DzzOffice is a platform from IBM DzzOffice in the United States that provides online collaborative office suite functionality. The platform can be used to provide online documents, forms, web disk, presentations and other functions. A security vulnerability exists in the referer parameter of...
Atlassian JIRA < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 XSS (JRASERVER-72392)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by a cross-site scripting vulnerability in the number range searcher component due to improper validation of user-supplied input before returning it to users. An...
Six Apart Movable Type 跨站脚本漏洞
Six Apart Movable Type MT is a blogging system from Six Apart USA. The system includes features such as multiple users, comments, quotes, and topics. Six Apart Movable Type suffers from a cross-site scripting vulnerability that stems from the application's insufficient cleansing of user-supplied...
JVN#97545738: Multiple cross-site scripting vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen CWE-79 - CVE-2021-20808 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...
CVE-2021-33191 MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...
CVE-2021-20769
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20766
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20766
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20767
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20771
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20792
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors...
CVE-2021-20770
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20792
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors...
CVE-2021-20771
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20769
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...