Dolibarr cross-site scripting vulnerability (CNVD-2020-04932)

Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr. The...

Facebook WhatsApp Cross-Site Scripting Vulnerability

Facebook WhatsApp is a suite of mobile applications from the American company Facebook that utilize the web to deliver text messages. The application uses the contact information in a smartphone to find contacts using the program to send texts, pictures, and more. A cross-site scripting...

MDaemon Email Server Cross-Site Scripting Vulnerability

MDaemon Email Server is an email server. A cross-site scripting vulnerability exists in MDaemon Email Server version 17.5.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...

Eclipse Memory Analyzer Cross-Site Scripting Vulnerability

Eclipse Memory Analyzer is a memory analysis tool from the Eclipse Foundation. A cross-site scripting vulnerability exists in Eclipse Memory Analyzer 1.9.1 and prior versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...

Pivotal Software Spring Framework Cross-Site Scripting Vulnerability

Pivotal Software Spring Framework is the U.S. Pivotal Software's set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A cross-site scripting vulnerability exists in Pivotal Software Spring Framework versions 5.2.x prior to 5.2.3,...

Power Quotient International AirCard Cross-Site Scripting Vulnerability

Power Quotient International AirCard is a wireless-enabled memory card from Power Quotient International in Taiwan, China. A cross-site scripting vulnerability exists in Power Quotient International AirCard. The vulnerability stems from a lack of proper validation of client-side data by the web...

Koala Framework Cross-Site Scripting Vulnerability

Koala Framework is a web application framework. A cross-site scripting vulnerability exists in Koala Framework versions prior to 2011-11-21. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...

Serpico Cross-Site Scripting Vulnerability (CNVD-2020-03851)

Serpico is a penetration test report generation and collaboration tool. A cross-site scripting vulnerability exists in admin/adduser/UID in Serpico version 1.3.0, which stems from the lack of proper validation of client-side data in a WEB application and can be exploited by an attacker to execute...

Hospital Management System Cross-Site Scripting Vulnerability

Hospity is a cloud-based software for EMR maintenance in hospitals, clinics, labs, and pharmacies. A cross-site scripting vulnerability exists in Hospital Management System version 4.0, which stems from a lack of proper validation of client-side data in the WEB application and can be exploited by...

Fileview Cross-Site Scripting Vulnerability

fileview package is a file viewer. A cross-site scripting vulnerability exists in fileview package version v0.1.6. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...

WordPress spreadshirt-rss-3d-cube-flash-gallery cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. spreadshirt-rss-3d-cube-flash-gallery is an image gallery plugin used in it. A cross-site scripting vulnerability exists in WordPress...

DTEN D5 and DTEN D7 Code Execution Vulnerabilities

The DTEN D5 and DTEN D7 are both stylus pens from DTEN. A security vulnerability exists in DTEN D5 and D7 versions prior to 1.3.4. An attacker can exploit the vulnerability to perform system administration and execute arbitrary code to obtain data displayed by Zoom Client...

Codoforum cross-site scripting vulnerability (CNVD-2020-03271)

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 4.8.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side...

Determine Contract Lifecycle Management Cross-Site Scripting Vulnerability

Determine Contract Lifecycle Management CLM is a suite of enterprise contract lifecycle management solutions from Determine Corporation. A cross-site scripting vulnerability exists in the getchart.jsp file in Determine CLM version 5.4, which stems from the lack of proper validation of client-side...

Sencha Labs Connect Cross-Site Scripting Vulnerability

Sencha Labs Connect is an extensible HTTP server framework for Node.js. A cross-site scripting vulnerability exists in the 'connect.methodOverride' function in Sencha Labs Connect. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker cou...

SmokePing Cross-Site Scripting Vulnerability

SmokePing is a network monitoring software developed by Tobias Oetiker, a Swiss software developer. The program's function is to monitor network performance, including monitoring www server performance, monitoring DNS query performance, monitoring SSH performance and so on. A cross-site scripting...

WordPress WP-Planet Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP-Planet is one of the plugins used in it. WordPress WP-Planet 0.1 and earlier versions of the rss.class/scripts/magpiedebug.php...

GitLab EE Cross-Site Scripting Vulnerability (CNVD-2020-03767)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...

WordPress Cross-Site Scripting Vulnerability (CNVD-2020-01155)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the module editor in WordPress versions prior to 5.3.1. The...

Trend Micro Apex One Cross-Site Scripting Vulnerability

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. A cross-site scripting vulnerability exists in the product console in Trend Micro Apex One 2019. The vulnerability stems from a lack of...