874 matches found

CNNVD
added 2021/07/14 12:0 a.m. | 3 views

Booking Core Cross-Site Scripting Vulnerability

Booking Core is a Laravel-based booking system application designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core suffers from a cross-site scripting vulnerability, which stems from a cross-site scripting XSS...

CVSS 5.4 | AI score 5.4 | EPSS 0.00594
Exploits 0 | References 1
CNVD
added 2021/07/14 12:0 a.m. | 17 views

IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability (CNVD-2022-05117)

IBM Cloud Pak for Applications is an application from IBM, Inc. A cross-site scripting vulnerability exists in IBM Cloud Pak for Applications, which stems from the product's lack of validation of user-side data and could be exploited to execute client-side code and potentially expose credentials ...

CVSS 7.5 | AI score 3.3 | EPSS 0.0125
Exploits 0 | References 1
CNVD
added 2021/07/13 12:0 a.m. | 8 views

Kaseya VSA Cross-Site Scripting Vulnerability

Kaseya VSA is the RMM (Remote Monitoring and Management) software commonly used by Kaseya's Managed Service Providers (MSPs) in the United States to manage their customers' networks. A cross-site scripting vulnerability exists in Kaseya VSA, which can be exploited by an attacker to execute client-sid...

CVSS 5.4 | AI score 6.3 | EPSS 0.59632
Exploits 1 | References 1
CNVD
added 2021/07/13 12:0 a.m. | 8 views

Arcgis Server Services Stored Cross-Site Scripting Vulnerability

Arcgis Server is a web-oriented, enterprise-class software platform from the United States company Esri that can be used to provide geographic location services. A stored cross-site scripting vulnerability exists in the Arcgis Server Services Directory, which arises from the platform not validating user...

CVSS 5.4 | AI score 6.2 | EPSS 0.00602
Exploits 0 | References 1
CNNVD
added 2021/07/11 12:0 a.m. | 3 views

Esri Arcgis Server Cross-Site Scripting Vulnerability

Arcgis Server is a web-oriented, enterprise-class software platform from the United States company Esri that can be used to provide geographic location services. A stored cross-site scripting vulnerability exists in the Arcgis Server Services Directory, which arises from the platform not validating user...

CVSS 5.4 | AI score 5.6 | EPSS 0.00602
Exploits 0 | References 3
CNVD
added 2021/07/09 12:0 a.m. | 7 views

PbootCMS Cross-Site Scripting Vulnerability

PbootCMS is an open source content management system (CMS) for building enterprise websites, written in PHP by individual PbootCMS developers. PbootCMS suffers from a cross-site scripting vulnerability that stems from the product's admin.php page not properly validating client-side data. An attacke...

CVSS 4.8 | AI score 6.3 | EPSS 0.0078
Exploits 1
CNVD
added 2021/07/09 12:0 a.m. | 5 views

IceWarp WebClient Cross-Site Scripting Vulnerability

IceWarp WebClient is a web-based mail service client from IceWarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calendar feature not validating user input data. The vulnerability can be exploited to execut...

CVSS 6.1 | AI score 6.2 | EPSS 0.01029
Exploits 1 | References 1
CNNVD
added 2021/07/08 12:0 a.m. | 5 views

PbootCMS Cross-Site Scripting Vulnerability

PbootCMS is an open source content management system (CMS) for building enterprise websites, written in PHP by individual PbootCMS developers. PbootCMS suffers from a cross-site scripting vulnerability that stems from the product's admin.php page not properly validating client-side data. An attacke...

CVSS 4.8 | AI score 5.4 | EPSS 0.0078
Exploits 1 | References 4
CNNVD
added 2021/07/07 12:0 a.m. | 17 views

Joomla! Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

CVSS 6.1 | AI score 5.3 | EPSS 0.00877
Exploits 0 | References 4
CNVD
added 2021/07/07 12:0 a.m. | 22 views

Joomla! Cross-site scripting vulnerability (CNVD-2021-53938)

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

CVSS 6.1 | AI score 3.7 | EPSS 0.00877
Exploits 0 | References 1
OSV
added 2021/07/06 10:15 p.m. | 20 views

CVE-2021-22223

Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...

CVSS 6.1 | AI score 6.8 | EPSS 0.00949
Exploits 0 | References 3
UbuntuCve
added 2021/07/06 10:15 p.m. | 27 views

CVE-2021-22223

Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...

CVSS 6.1 | AI score 6.4 | EPSS 0.00949
Exploits 0 | References 4
CVE
added 2021/07/06 9:50 p.m. | 93 views

CVE-2021-22223

GitLab CE/EE vulnerable to Client-Side code injection via feature flag names (CVE-2021-22223). Affected versions: 11.9 up to before 14.0.2. Root cause: crafted feature flag name allows PUT requests on behalf of other users when a link is clicked. Impact: an attacker could perform actions on behal...

CVSS 6.1 | AI score 6.2 | EPSS 0.00949
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2021/07/05 12:0 a.m. | 5 views

Cacti Cross-Site Scripting Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool collects data through snmpget, draws graphs with RRDtool for analysis, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that exists...

CVSS 6.1 | AI score 8.1 | EPSS 0.01631
Exploits 0 | References 5
CNNVD
added 2021/07/05 12:0 a.m. | 4 views

SmarterTools SmarterMail Cross-Site Scripting Vulnerability

SmarterTools SmarterMail is a set of mail server software from SmarterTools, USA. The software supports spam filtering, statistics, Simple Mail Transfer Protocol (SMTP) authentication and other features. A cross-site scripting vulnerability exists in SmarterTools SmarterMa...

CVSS 6.1 | AI score 6.1 | EPSS 0.00581
Exploits 0 | References 2
Hacker One
added 2021/07/02 7:25 p.m. | 57 views

U.S. Dept Of Defense: Cross site scripting

Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. Impact Malicious...

AI score 0.6
Exploits 0
CNVD
added 2021/07/02 12:0 a.m. | 8 views

QNAP Qcenter Cross-Site Scripting Vulnerability

Qnap Systems QCenter is a centralized management platform from China Weilian Qnap Systems that allows you to consolidate the management of multiple QNAP NAS. A cross-site scripting vulnerability exists in QNAP Qcenter in version 1.11.1004 and earlier versions, which stems from the product's lack ...

CVSS 5.4 | AI score 6.5 | EPSS 0.00466
Exploits 0 | References 1
CNVD
added 2021/07/01 12:0 a.m. | 10 views

Plone Cross-Site Scripting Vulnerability (CNVD-2021-46652)

Plone is an open source content management system (CMS) built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

CVSS 5.4 | AI score 5.4 | EPSS 0.00536
Exploits 0 | References 1
CNVD
added 2021/06/30 12:0 a.m. | 2 views

WordPress plugin Smart Slider 'name' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in the WordPress plugin Smart Slider 'name',...

AI score 6.3
Exploits 0 | References 1
CNNVD
added 2021/06/30 12:0 a.m. | 2 views

Plone Cross-Site Scripting Vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

CVSS 5.4 | AI score 5.4 | EPSS 0.00536
Exploits 0 | References 2