PopojiCMS Cross-Site Scripting Vulnerability

PopojiCMS is an open source content management system CMS based on the Popoji framework. A cross-site scripting vulnerability exists in PopojiCMS. The vulnerability stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this vulnerability to...

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2019-40708)

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...

JetBrains YouTrack Cross-Site Scripting Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A cross-site scripting vulnerability exists in versions prior to JetBrains YouTrack...

JetBrains Upsource Cross-Site Scripting Vulnerability

JetBrains Upsource is a set of code review tools from the Czech company JetBrains. A cross-site scripting vulnerability exists in versions prior to JetBrains Upsource 2019.1.1412. The vulnerability stems from the lack of proper validation of client data by the WEB application. An attacker can...

Online Store System Cross-Site Scripting Vulnerability (CNVD-2019-40113)

Online Store System is an e-commerce system. A cross-site scripting vulnerability exists in Online Store System v1.0. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execute client-side code...

TYPO3 cross-site scripting vulnerability (CNVD-2019-40295)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end login box in TYPO3. The vulnerability stems from the lack of proper validation of client-side data by the WEB application, which...

Control Web Panel Cross-Site Scripting Vulnerability

Control Web Panel is a Linux web hosting control panel. A cross-site scripting vulnerability exists in Control Web Panel version 0.9.8.885, which stems from the lack of proper validation of client-side data by the web application and can be exploited by an attacker to execute client-side code...

Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2019-39370)

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr ERP/CR...

Thycotic Secret Server Cross-Site Scripting Vulnerability (CNVD-2019-38073)

Thycotic Secret Server is a privileged account management solution from Thycotic USA. A cross-site scripting vulnerability exists in Thycotic Secret Server versions prior to 10.7. The vulnerability stems from the lack of proper validation of client-side data by the WEB application, and can be...

hexo-admin plugin for Node.js cross-site scripting vulnerability

hexo-admin plugin for Node.js is a backend administration plugin for use in Node.js. A cross-site scripting vulnerability exists in the Post editor feature in hexo-admin plugin for Node.js version 2.3.0 and earlier, which stems from the lack of proper validation of client-side data in a web...

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-37885)

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX 4.5.7 and earlier versions, which...

Loofah gem for Ruby cross-site scripting vulnerability (CNVD-2019-36965)

Loofah gem for Ruby is a Ruby-based library for processing and converting HTML/XML documents. A cross-site scripting vulnerability in Loofah gem for Ruby version 2.3.0 and earlier, which stems from a lack of proper validation of client-side data in a web application, can be exploited by an attack...

WiKID Systems 2FA Enterprise Server Cross-Site Scripting Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A cross-site scripting vulnerability exists in WiKID 2FA Enterprise Server 4.2.0-b2047 and prior versions. The vulnerability stems from a WEB application lacking proper authentication of client data...

Etherpad-Lite Cross-Site Scripting Vulnerability

Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A cross-site scripting vulnerability exists in the templates/pad.html page in Etherpad-Lite version 1.7.5, which stems from a lack of proper validation of client-side data in the WEB application and can be...

WordPress eu-cookie-law plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. eu-cookie-law is a website cookie notification confirmation plugin used in it. Cross-site scripting vulnerability exists in WordPress...

Gila CMS Cross-Site Scripting Vulnerability (CNVD-2019-36960)

Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in gila-blog and gila-mag in Gila CMS 1.11.4 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An...

Kirona Solutions Dynamic Resource Scheduling Cross-Site Scripting Vulnerability

Kirona Solutions Dynamic Resource Scheduling DRS is a suite of dynamic resource scheduling software for field services from Kirona Solutions, UK. A cross-site scripting vulnerability exists in Kirona Dynamic Resource Scheduling DRS version 5.5.3.5. The vulnerability stems from a lack of proper...

WordPress altos-connect plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. altos-connect is one of the plugins used in it. A cross-site scripting vulnerability exists in version 1.3.0 of the WordPress...

Flower Cross-Site Scripting Vulnerability

Flower is a web-based tool for monitoring and managing Celery clusters. A cross-site scripting vulnerability exists in Flower version 0.9.3, which stems from a lack of proper validation of client-side data by the WEB application and can be exploited by an attacker to execute client-side code...

Sentrifugo Cross-Site Scripting Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A cross-site scripting vulnerability exists in Sentrifugo version 3.2. The vulnerability stems from the WEB applicati...