7613 matches found
Cisco Identity Services Engine Stored XSS (cisco-sa-ise-stored-xss-TWwjVPdL)
According to its self-reported version, Cisco Identity Services Engine is affected by multiple stored cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user...
CVE-2021-20784
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...
CVE-2021-20784
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...
CVE-2021-20784
Summary of CVE-2021-20784 : The HTTP server in Voidtools Everything (versions 1.0, 1.1, 1.2; Lite version excluded) contains an HTTP header injection flaw that may allow a remote attacker to inject arbitrary scripts or alter pages used by the product. The condition is tied to the software’s HTTP ...
CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50173)
CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited to execute arbitrary web script or HTML via a specially crafted load entered in the "New Article" field under the "Article" plugin...
Codoforum cross-site scripting vulnerability (CNVD-2021-50176)
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...
moziloCMS Stored Cross-Site Scripting Vulnerability
moziloCMS is open source a content management system CMS. A security vulnerability exists in moziloCMS, which can be exploited by an attacker to execute arbitrary web script or HTML through a specially crafted load by entering the "Content" parameter...
dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50940)
dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...
GitLab: Stored XSS in main page of a project caused by arbitrary script payload in group "Default initial branch name"
Summary A stored XXS exists in the main page of a project. By changing the "default branch name" of a group a malicious user can inject arbitrary JavaScript into the main page of a project. Any user that is either at least developer of the project, or an administrator of the GitLab instance, and...
Dotcms dotCMS 跨站脚本漏洞
dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...
CVE-2021-1607
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...
CVE-2021-1575
A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
CVE-2021-1607 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...
CVE-2021-1575 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
CVE-2021-1575 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cross site scripting
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...