174 matches found
MAHO-PBX NetDevancer series 跨站脚本漏洞
The MAHO-PBX NetDevancer series is an IP-PBX system from MAHO-PBX Japan. A security vulnerability exists in the MAHO-PBX NetDevancer series, which is caused by cross-site scripting XSS in the Management screen, which can be exploited by an attacker to execute arbitrary scripts on the web browser ...
UBUNTU-CVE-2022-45150
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in...
Apache JSPWiki 跨站脚本漏洞
Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Apache Foundation. Apache JSPWiki has a security vulnerability that stems from the fact that a carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability that an attacker could...
CVE-2022-1667
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC e.g., from the browser console or by loading the corresponding, browser accessible PHP script...
GHSA-RM24-25XM-9454 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...
Organizr 代码问题漏洞
Organizr is a tab management system. Designed to be a one-stop store for server front ends, Organizr versions prior to 2.1.1810 have a file upload vulnerability that stems from the lack of valid validation of uploaded files by the application, which can be exploited by attackers to upload .svg...
showdoc 跨站脚本漏洞
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .aspx file extensions in the application's file upload functionality. An attacker could use this...
Cross-site Scripting (XSS) - Stored in osticket/osticket
Description As it is written on github profile, osTicket is a widely-used open source support ticket system. During source code research I discovered bad uploaded file type check, which is controlled by user. Unauthenticated user can upload malicious html/js file. FROM OWASP:: Cross-Site Scriptin...
CVE-2021-30620
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink...
VMware vRealize Log Insight 跨站脚本漏洞
Vmware VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that stems from insufficient cleansing of user-supplied data...
Vulnerability fixed in Cacti
Vulnerabilities have been fixed in Cacti. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Not every vulnerability h...
PHP Factory MailForm01 跨站脚本漏洞
php factory MailForm01 is a free PHP mail form program from PHP Factory Japan that can be easily installed with just one file. A security vulnerability exists in MailForm01 versions prior to 2021-05-20, which stems from insufficient harmless handling of user-supplied data. An attacker can exploit...
Multiple vulnerabilities in baserCMS
Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...
Vulnerabilities fixed in F5 BIG-IQ
F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...
CVE-2021-21277
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compileuserControlledInput" where "userControlledInput" is tex...
Remote code execution
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compileuserControlledInput" where "userControlledInput" is tex...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...
Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection
A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets re...
Cross site scripting
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects...
GraphQL Playground Cross-Site Scripting Vulnerability
GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE Integrated Development Environment based on GraphiQL from Prisma Labs, Germany. A cross-site scripting vulnerability exists in GraphQL Playground graphql-playground-html NPM package. A remote attacker can exploit this...