451 matches found
EDX Open edX Cross-Site Scripting Vulnerability
EDX Open edX is an online learning management system from the U.S.-based edX. Open edX suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side co...
Pixelimity Cross-Site Scripting Vulnerability
Pixelimity is a PHP-based open source content management system (CMS). Pixelimity 1.0 suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execute client-side code...
xArrow SCADA Cross-Site Scripting Vulnerability
xArrow SCADA is an installer for industrial control products from xArrow in China. A cross-site scripting vulnerability exists in xArrow SCADA. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execut...
GetSimple CMS Cross-Site Request Forgery Vulnerability
GetSimple CMS is a content management system (CMS) written in PHP. A security vulnerability exists in the My SMTP Contact v1.1.1 plugin for GetSimple CMS, which stems from a lack of proper validation of client-side data in the web application. An attacker can exploit the vulnerability to execute...
Chikitsa Patient Management System Cross-Site Scripting Vulnerability
Chikitsa Patient Management System is an open source patient management application that is fast, responsive and easy to use. A security vulnerability exists in Chikitsa Patient Management System 2.0.0, which arises from a lack of proper validation of client-side data by the...
Mattermost Server Cross-Site Scripting Vulnerability
Mattermost Server is an open source messaging platform from Mattermost, Inc. A cross-site scripting vulnerability exists in Mattermost Server, which stems from the lack of proper authentication of client-side data in OAuth-enabled Mattermost instances, and could be exploited to lure users into...
Advantech R-SeeNet Cross-Site Scripting Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. A cross-site scripting vulnerability exists in Advantech R-SeeNet, which stems from the lack ...
Cacti cross-site scripting vulnerability (CNVD-2021-49081)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool collects data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that exists...
Accela Civic Platform Cross-Site Scripting Vulnerability
Accela Civic Platform is Accela's cloud-based application software solution to modernize city systems for land management and code enforcement, increased civic engagement and mobile information access. Accela Civic Platform has a cross-site scripting vulnerability that stems from Accela Platform's lack...
Accela Civic Platform Cross-Site Scripting Vulnerability
Accela Civic Platform is Accela's cloud-based application software solution to modernize city systems for land management and code enforcement, increased civic engagement and mobile information access. Accela Civic Platform has a cross-site scripting vulnerability that stems from Accela Platform's lack...
Gris CMS Cross-Site Scripting Vulnerability
Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...
WAGO Cross-Site Scripting Vulnerability
WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed specifically for applications in industrial environments where digital algorithms operate electronic systems. A cross-site scripting vulnerability exists in WAGO. The vulnerability stems from a lack ...
Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-55893)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A cross-site scripting vulnerability exists in Aruba ClearPass Policy Manager, which stems from the lack of proper validation of client data by the web...
Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-55894)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A cross-site scripting vulnerability exists in Aruba ClearPass Policy Manager, which stems from the lack of proper validation of client data by the web...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. A cross-site scripting vulnerability exists in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, and 6.7.14-HF1, which stems from a lack of proper...
Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A cross-site scripting vulnerability exists in Aruba ClearPass Policy Manager, which stems from the lack of proper validation of client data by the web...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22653)
Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the web application and can be exploited to inject arbitrary scripts via...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22652)
Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the web application and can be exploited to inject arbitrary scripts via...
Sourcecodester Doctor Appointment System Cross-Site Scripting Vulnerability
Sourcecodester Doctor Appointment System is a Sourcecodester open source application. It provides an appointment function. Sourcecodester Doctor Appointment System version 1.0 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the web...