Mida Solutions eFramework Cross-Site Scripting Vulnerability

Mida Solutions eFramework is a suite of unified communications and collaboration services from Mida Solutions, Italy. A cross-site scripting vulnerability exists in Mida Solutions eFramework version 2.9.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by...

SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2020-41739)

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site scripting vulnerability exists in SAP Business Objects...

Apache Airflow RBAC Admin Page Cross-Site Scripting Vulnerability

Apache Airflow is the United States Apache Apache Software Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in the RBAC Admin page in Apac...

Cross site scripting

Insufficient output sanitization in Teltonika firmware TRB2R00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section...

CVE-2020-5769

Teltonika TRB2 firmware TRB2_R_00.02.02 contains insufficient output sanitization in the WEB application, enabling a remote, authenticated attacker to perform persistent cross-site scripting by injecting malicious client-side code into the DATA TO SERVER fields (URL/Host/Connection). Affected: Te...

Cross-site scripting vulnerability in WebKit component of multiple Apple products (CNVD-2020-43674)

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system. A cross-site scripting vulnerability exists in the WebKit component of several...

Wordpress Jannah Theme Stored Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A stored cross-site scripting vulnerability exists in Wordpress Jannah Theme. An attacker c...

phpList cross-site scripting vulnerability (CNVD-2020-41811)

phpList is an open source newsletter and email marketing software from phpList UK. A cross-site scripting vulnerability exists in phpList 3.5.4 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...

HCL AppScan Cross-Site Scripting Vulnerability

HCL AppScan is a suite of dynamic analysis testing tools from HCL India, which is primarily used for web security testing. A cross-site scripting vulnerability exists in HCL AppScan Enterprise Edition version 10.0.0 and earlier. The vulnerability stems from the lack of proper validation of...

SolarWinds Serv-U File Server Cross-Site Scripting Vulnerability (CNVD-2020-51523)

SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A cross-site scripting vulnerability exists in SolarWinds Serv-U File Server versions prior to 15.2.1. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...

jsPDF cross-site scripting vulnerability

jsPDF is a JavaScript-based PDF document generation library . A cross-site scripting vulnerability exists in all versions of jsPDF. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute client-si...

Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2021-17781)

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.2.11, 1.3.x prior to 1.3.14 and 1.4.x prior to 1.4.7. The...

Froala WYSIWYG HTML Editor Cross-Site Scripting Vulnerability

Froala WYSIWYG HTML Editor is a U.S. Froala company's Web-based WYSIWYG rich text editor . A cross-site scripting vulnerability exists in Froala WYSIWYG HTML Editor versions 3.0.6 through 3.1.1. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. A...

Red Hat Keycloak Cross-Site Scripting Vulnerability (CNVD-2021-17784)

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak. The vulnerability stems from a lack of proper authentication of client-side da...

Atlassian JIRA Server and Data Center Cross-Site Scripting Vulnerability (CNVD-2021-36601)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of the Australian company Atlassian Atlassian.Atlassian JIRA Server is a server version of a defect tracking management system. The system is mainly used to track and manage all kinds of issues and defects in the...

Atlassian Jira Service Desk Server and Data Center Cross-Site Scripting Vulnerability

Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of Atlassian Australia.Atlassian Jira Service Desk Server is the server version of an IT service desk and request tracking Atlassian Jira Service Desk Server is the server version of an IT service des...

Adobe Magento Form Builder Cross-Site Scripting Vulnerability

Adobe Magento is the United States Odo than Adobe company's set of open source PHP e-commerce system . The system provides rights management , search engines and payment gateways and other features . Form Builder is used in which a form to build extensions . Adobe Magento in the Form Builder...

Adobe Magento WebForms Pro M2 Cross-Site Scripting Vulnerability

Adobe Magento is the United States Odo than Adobe company's set of open source PHP e-commerce system . The system provides rights management , search engines and payment gateways , etc. WebForms Pro M2 is used in which a form to build extensions . Adobe Magento 2 in the WebForms Pro M2 version...

WordPress Nexos theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Nexos theme is a real estate website theme plugin used in it. A cross-site scripting vulnerability exists in WordPress Nexos...

Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability (CNVD-2021-39049)

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...