Cross-site Scripting (XSS) - Reflected in phoronix-test-suite/phoronix-test-suite

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

Cross-site Scripting (XSS) - Reflected in mailcow/mailcow-dockerized

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

Nextcloud 跨站脚本漏洞

A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...

WordPress Easy Social Icons Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Easy Social Icons plugin is a WordPress open source application plugin. WordPress Easy Social Icons plugin in...

WordPress plugin WP Customize Login 'Change Logo Title' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up websites on servers supporting PHP and MySQL databases, and can also be used as a content management system CMS. cross-site scripting vulnerability exists in the WordPress plugin WP Customize Login 'Change Log...

WordPress underConstruction cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress underConstruction plugin in version 1.18...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2021-71525)

IBM Maximo Asset Management is a comprehensive solution for asset-intensive industries to manage enterprise physical assets through a public platform. IBM Maximo Asset Management version 7.6.0, 7.6.1 contains a cross-site scripting vulnerability that stems from the lack of proper validation of...

ZOHO ManageEngine Log360 Cross-Site Scripting Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. A cross-site scripting vulnerability exists in ZOHO ManageEngine Log360, which stems from the product's failure to validate user data. An attacker could execute client-side...

ZOHO ManageEngine Log360 跨站脚本漏洞

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. A cross-site scripting vulnerability exists in ZOHO ManageEngine Log360, which stems from the product's failure to validate user data. An attacker could execute client-side...

WordPress plugin WPFront Scroll Top 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

EyouCMS Cross-Site Scripting Vulnerability (CNVD-2021-82434)

EyouCMS is an open source content management system CMS based on ThinkPHP.EyouCMS has a cross-site scripting vulnerability in version 1.3.6, which stems from a lack of validation of user input data and filtering of input data in the basicinformation area. An attacker could use this vulnerability ...

Zoo Management System 'Multiple' Cross-Site Scripting Vulnerability

Zoo Management System is a zoo management system. Zoo Management System 'Multiple' contains a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this vulnerability to execute client-side code...

WordPress 插件跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Multiplayer Games. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerabili...

Domainmod 跨站脚本漏洞

A cross-site scripting vulnerability exists in Domainmod, a PHP and MySQL-based open source application for managing domain names and other Internet assets in a central location from the Domainmod community, which stems from the lack of proper validation of client-side data by the web application...

Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability (CNVD-2021-59236)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech WebAccess/SCADA, which originates from UserExcelOut.asp failing to properly validate the correctness of user data. The...

DELL Dell EMC iDRAC9 Cross-Site Scripting Vulnerability (CNVD-2021-94891)

DELL Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A cross-site scripting vulnerability exists in Dell EMC iDRAC9 in versions prior to...

Advantech WebAccess/SCADA 跨站脚本漏洞

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech WebAccess/SCADA, which originates from UserExcelOut.asp failing to properly validate the correctness of user data. The...

Telegram Cross-Site Scripting Vulnerability

Telegram is an instant messaging mobile application. version 0.6.1 of Telegram Web K Alpha is vulnerable to a cross-site scripting vulnerability that stems from the fact that Telegram Web K Alpha allows XSS to pass through document names. An attacker could exploit the vulnerability to execute...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin MyStickymenu, which stems from t...

WDScanner Cross-Site Scripting Vulnerability

WDScanner is an easy-to-use distributed web vulnerability detection system. version 1.1 of WDScanner has a cross-site scripting vulnerability in the system administration page, through which an attacker can execute client-side code...