
874 matches found

CNNVD
added 2023/02/20 12:0 a.m. · 2 views

erxes Cross-Site Scripting Vulnerability

erxes is an open source Hubspot/Qualtrics alternative. It enables SaaS providers and digital marketing agencies/developers to create unique experiences for their entire business. A security vulnerability exists in erxes 0.22.3 and prior versions, which stems from the presence of...

9.6 CVSS · 8.2 AI score · 0.03125 EPSS
Exploits 1 · References 4
Cvelist
added 2023/02/20 12:0 a.m. · 24 views

CVE-2021-32853 Erxes vulnerable to Cross-site Scripting

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches...

6.1 CVSS · 9.2 AI score · 0.03125 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/02/20 12:0 a.m. · 8 views

PT-2023-12185 · Erxes · Erxes

Name of the Vulnerable Software and Affected Versions: Erxes versions 0.22.3 and prior
Description: Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting. This results in client-side code execution. The victim must follow a malicious link or be...

9.6 CVSS · 8.9 AI score · 0.03125 EPSS
Exploits 1 · References 9
Vulnrichment
added 2023/02/20 12:0 a.m. · 7 views

CVE-2021-32853 Erxes vulnerable to Cross-site Scripting

Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches...

6.1 CVSS · 7.7 AI score · 0.03125 EPSS
Exploits 1 · References 3
NVD
added 2023/01/11 1:15 p.m. · 14 views

CVE-2022-42967

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...

9.6 CVSS · 7.8 AI score · 0.00821 EPSS
Exploits 1 · References 1
Prion
added 2023/01/11 1:15 p.m. · 18 views

Design/Logic Flaw

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...

6.8 CVSS · 8.9 AI score · 0.00821 EPSS
Exploits 1 · References 1
CVE
added 2023/01/11 12:0 a.m. · 33 views

CVE-2022-42967

Caret is affected by an XSS vulnerability in the Markdown preview mode that allows client-side code execution when a crafted Markdown file is opened. The issue is described across multiple sources as an XSS in Caret’s Markdown viewer, with impact on confidentiality, integrity, and availability of...

9.6 CVSS · 8.3 AI score · 0.00821 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/01/11 12:0 a.m. · 4 views

PT-2023-14164 · Caret · Caret

Name of the Vulnerable Software and Affected Versions: Caret affected versions not specified
Description: The issue is related to an XSS attack that occurs when a user opens a crafted Markdown file with preview mode enabled, leading to client-side code execution.
Recommendations: At the moment,...

9.6 CVSS · 8.8 AI score · 0.00821 EPSS
Exploits 1 · References 4
Huntr
added 2022/12/12 6:48 p.m. · 23 views

Multiple XSS Vulnerabilities in Queue Condition

Description: Cross-Site Scripting (XSS) vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...

4.9 CVSS · 5.9 AI score · 0.01015 EPSS
Exploits 1
Vulnrichment
added 2022/12/12 5:54 p.m. · 3 views

CVE-2022-3853 Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF

Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application...

5.8 AI score · 0.00209 EPSS
Exploits 0 · References 1
OSV
added 2022/11/24 10:21 p.m. · 17 views

MGASA-2022-0436 Updated dropbear packages fix security vulnerability

Updated dropbear package fixes a security vulnerability in dbclient. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measure...

7.5 CVSS · 7.6 AI score · 0.01348 EPSS
Exploits 0 · References 3
CNNVD
added 2022/11/15 12:0 a.m. · 2 views

Mozilla Firefox Cross-Site Scripting Vulnerability

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozilla Firefox. An attacker could exploit the vulnerability to execute client-side code...

6.1 CVSS · 8.1 AI score · 0.00575 EPSS
Exploits 0 · References 19
CNVD
added 2022/11/05 12:0 a.m. · 26 views

Fortinet FortiADC Cross-Site Scripting Vulnerability (CNVD-2023-02489)

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A cross-site scripting vulnerability exists in Fortinet FortiADC, which stems from incorrectly neutralizing input during web page generation. An attacker could exploit this vulnerability to execute client-side code...

8.8 CVSS · 2.5 AI score · 0.01716 EPSS
Exploits 1 · References 1
Cvelist
added 2022/08/19 10:33 p.m. · 17 views

CVE-2022-35554

Multiple reflected XSS vulnerabilities occur when handling error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side...

6.5 AI score · 0.00596 EPSS
Exploits 1 · References 3
OSV
added 2022/07/18 1:15 p.m. · 3 views

CVE-2022-24692

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code...

5.4 CVSS · 6.8 AI score · 0.02732 EPSS
Exploits 1 · References 2
CNVD
added 2022/05/16 12:0 a.m. · 30 views

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2022-55670)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...

6.1 CVSS · 2 AI score · 0.00432 EPSS
Exploits 0 · References 1
NVD
added 2022/05/12 8:15 p.m. · 12 views

CVE-2022-23165

Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...

6.1 CVSS · 0.0036 EPSS
Exploits 0 · References 1
Prion
added 2022/05/12 8:15 p.m. · 17 views

Cross site scripting

Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...

4.3 CVSS · 6.3 AI score · 0.0036 EPSS
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2022/04/15 12:0 a.m. · 15 views

ZZCMS Cross-Site Scripting Vulnerability (CNVD-2022-71404)

ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS 2021 is vulnerable to a cross-site scripting vulnerability that originates from a lack of restriction and filtering of user parameters in admanage.php. An attacker could exploit this vulnerability to execute client-side...

4.8 CVSS · 3.8 AI score · 0.00472 EPSS
Exploits 1 · References 1
CNVD
added 2022/04/01 12:0 a.m. · 25 views

Zoho ManageEngine Netflow Analyzer Professional Cross-Site Scripting Vulnerability

ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine Netflow Analyzer Professional version 7.0.0.2, which stems from the lack of proper validation of client-side data by the web application and...

6.1 CVSS · 4.5 AI score · 0.02688 EPSS
Exploits 2 · References 1