876 matches found
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
SolarWinds Orion Platform Cross-Site Scripting Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...
Paessler PRTG Network Monitor Cross-Site Scripting Vulnerability (CNVD-2020-52850)
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A cross-site scripting vulnerability exists in Paessler PRTG Network Monitor version 20.1.56.1574. The vulnerability stems from the lack of proper validation of client-side data by...
Kordil EDMS Cross-Site Scripting Vulnerability
Kordil EDMS is an open source electronic document management system from the Turkish company Kordil. The system supports features such as document management and document control. A cross-site scripting vulnerability exists in the usersedit.php file, usersmanagementedit.php file, and...
Global RADAR BSA Radar Cross-Site Scripting Vulnerability
Global RADAR BSA Radar is a suite of anti-money laundering (AML) solutions for the financial sector from US-based Global RADAR. A cross-site scripting vulnerability exists in the 'Firstname' and 'Lastname' parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier versions. The vulnerability...
CVE-2020-13279
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...
Caldera Cross-Site Scripting Vulnerability
Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. A cross-site scripting vulnerability exists in Caldera version 2.7.0. The vulnerability stems from a lack of proper validation of client-side data b...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-48232)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.3.0, 4.2.1 and 4.1.2. The vulnerability stems from the web application's lack of proper validation of client data. An attacke...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-48229)
Mattermost Server is an open source messaging platform from the US company Mattermost. A cross-site scripting vulnerability exists in Mattermost Server versions prior to 4.3.0, prior to 4.2.1, and prior to 4.1.2. The vulnerability stems from a lack of proper validation of client data ...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-19405)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-35334)
Mattermost Server is an open source messaging platform from the US company Mattermost. A cross-site scripting vulnerability exists in Mattermost Server versions prior to 2.2.0. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link...
WSO2 Identity Server and IS as Key Manager Cross-Site Scripting Vulnerabilities
WSO2 Identity Server (IS) and WSO2 IS as Key Manager are both products of WSO2 Corporation, USA. WSO2 Identity Server is an identity server. WSO2 IS as Key Manager is a key manager. A cross-site scripting vulnerability exists in the Management Console Policy Administration user interface in WSO2...
Wiki.js Cross-Site Scripting Vulnerability
Wiki.js is open source wiki software from the Requarks.io team, based on Node.js and written in JavaScript. A cross-site scripting vulnerability exists in Wiki.js versions prior to 2.4.107. The vulnerability stems from the web application's lack of proper validation of client-side data. ...
MONITORAPP AIWAF-VE and AIWAF-4000 Cross-Site Scripting Vulnerabilities
Monitorapp AIWAF-4000 is an application firewall from MONITORAPP, USA. A cross-site scripting vulnerability exists in MONITORAPP AIWAF-VE and AIWAF-4000 2020-06-16 and earlier versions. The vulnerability stems from a lack of proper validation of client data by the web application. An...
WordPress wpForo Forum plugin cross-site scripting vulnerability (CNVD-2021-24376)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wpForo Forum is a forum plugin used with it. A cross-site scripting vulnerability exists in WordPress wpForo Forum...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-24378)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress, which stems from the lack of proper validation of...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-29465)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Laborator Xenon theme is a website theme plugin that uses one of the... A cross-site scripting vulnerability exists in...
CloudBees Jenkins ECharts API Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. ECharts API Plugin is used in one of the chart...