451 matches found
Time in Status Cross-Site Scripting Vulnerability
Atlassian Time in Status is a software application from Atlassian Australia that provides a process for identifying issues by reporting the time spent on each status, assignee or group for each issue. A cross-site scripting vulnerability exists in the Time in Status app for Jira in versions prior...
Blackboard Collaborate Ultra Cross-Site Scripting Vulnerability
Blackboard Collaborate Ultra is a Blackboard open source application that provides an online course management platform. Blackboard Collaborate Ultra 20.02 suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client data. An attacker can...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22654)
Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the WEB application and can be exploited to inject arbitrary scripts via...
Sourcecodester Doctor Appointment System Cross-Site Scripting Vulnerability
Sourcecodester Doctor Appointment System is a Sourcecodester open source application that provides an appointment function. Sourcecodester Doctor Appointment System version 1.0 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the WEB...
F5 BIG-IP AFM Cross-Site Scripting Vulnerability (CNVD-2021-13213)
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. A cross-site scripting vulnerability exists in BIG-IP AFM, which originates from the lack of proper validation of client data by a WEB application. An attacker can exploit this vulnerability to execute...
F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2021-13211)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data by th...
Six Apart Movable Type Cross-Site Scripting Vulnerability
Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the WEB application and can be exploited to inject arbitrary scripts via...
PYSEC-2021-113
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
Open Build Service Cross-Site Scripting Vulnerability
Open Build Service (OBS) is a general-purpose system for building and distributing packages from source code in an automated, consistent, and repeatable manner, organized by the Open Build Service. A cross-site scripting vulnerability exists in Open Build Service that stems from a lack of proper...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data by th...
Wekan Cross-Site Scripting Vulnerability
Wekan is a highly finished open source kanban tool. Wekan suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in WEB applications. An attacker could exploit the vulnerability to execute malicious JavaScript code...
Henriquedornas Cross-Site Scripting Vulnerability
Henriquedornas is a web framework from Henriquedornas Brazil. It provides a framework for building websites. A cross-site scripting vulnerability exists in Henriquedornas that stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerabilit...
Tufin SecureTrack R20-2 GA Cross-Site Scripting Vulnerability
Tufin SecureTrack is a firewall policy management platform from Tufin USA. A cross-site scripting vulnerability exists in the Tufin SecureTrack R20-2 GA, which originates from a web application that lacks proper validation of client data. An attacker can exploit this vulnerability to...
b2evolution CMS Cross-Site Scripting Vulnerability
b2evolution is a community content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in b2evolution CMS, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...
GotoAndPlay SNC SmartFoxServer Cross-Site Scripting Vulnerability
GotoAndPlay SNC SmartFoxServer is a development tool from GotoAndPlay SNC, USA. It provides rapid development of multiplayer games and applications. A cross-site scripting vulnerability exists in SmartFoxServer version 2.17.0. The vulnerability stems from a lack of proper validation of client-sid...
Fortinet FortiWeb Cross-Site Scripting Vulnerability
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
Revive Adserver Cross-Site Scripting Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver versions prior to 5.1.0, which stems from a lac...
Cisco Finesse Cross-Site Scripting Vulnerability (NVD-C-2021-11018)
Cisco Finesse is a set of call center management software from the U.S. company Cisco. Cisco Finesse suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the WEB application, which can be exploited by an attacker to execute client...
Cisco Finesse Cross-Site Scripting Vulnerability
Cisco Finesse is a set of call center management software from the U.S. company Cisco. Cisco Finesse suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the WEB application, which can be exploited by an attacker to execute client...
Korzio Djv Command Injection Vulnerability
Korzio Djv is JavaScript-based software from the individual developer Korzio, used to dynamically verify the JSON data format. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...