
4382 matches found

IBM Security Bulletins
added 2022/09/25 11:13 p.m. · 33 views

Security Bulletin: IBM OmniFind Enterprise Edition and IBM Content Analytics (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)

Abstract: Potential security vulnerabilities exist in the IBM Eclipse Help System that is shipped with the IBM OmniFind Enterprise Edition and IBM Content Analytics products. Content: The products listed below may be affected by security vulnerabilities in the IBM Eclipse Help System. This issue is...

CVSS 5 · AI score 0.4 · EPSS 0.02112
Exploits 1 · Affected Software 2

IBM Security Bulletins
added 2022/09/25 9:6 p.m. · 26 views

Security Bulletin: Content Manager Enterprise Edition with use of IBM Eclipse Help System (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)

Abstract: Potential security vulnerabilities exist in the IBM Eclipse Help System that is shipped with the IBM Content Manager Enterprise Edition. Content: The products listed below may be affected by security vulnerabilities in the IBM Eclipse Help System. This issue is applicable only if...

CVSS 5 · AI score 0.3 · EPSS 0.02112
Exploits 1 · Affected Software 1

CNNVD
added 2022/09/15 12:0 a.m. · 5 views

EC-CUBE Cross-Site Scripting Vulnerability

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE versions 4.0.0 through 4.1.2, which stems from a DOM-based cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary script on the...

CVSS 5.4 · AI score 5.4 · EPSS 0.00538
Exploits 0 · References 4

OSV
added 2022/08/10 12:15 p.m. · 3 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

CVSS 4.8 · AI score 7.2 · EPSS 0.00794
Exploits 0 · References 1

Prion
added 2022/08/10 12:15 p.m. · 24 views

Cross site scripting

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

CVSS 4.3 · AI score 6 · EPSS 0.00794
Exploits 0 · References 1 · Affected Software 6

Cvelist
added 2022/08/10 11:18 a.m. · 20 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

CVSS 6.8 · AI score 6.9 · EPSS 0.00794
Exploits 0 · References 3

ATTACKERKB
added 2022/08/09 12:15 p.m. · 1 views

CVE-2022-2729

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1...

CVSS 5.4 · AI score 6.1 · EPSS 0.00437
Exploits 1 · References 3

Positive Technologies
added 2022/08/09 12:0 a.m. · 4 views

PT-2022-4147 · Siemens · Scalance W-700 +9

Name of the Vulnerable Software and Affected Versions: SCALANCE M-800 / S615 versions prior to V2.3.1 SCALANCE SC-600 family versions prior to V2.3.1 SCALANCE W-1700 IEEE 802.11ac family versions prior to V2.3.1 SCALANCE W-700 IEEE 802.11ax family versions prior to V2.3.1 SCALANCE W-700 IEEE...

CVSS 9 · AI score 5.4 · EPSS 0.00794
Exploits 0 · References 4

CNVD
added 2022/08/09 12:0 a.m. · 29 views

Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks, e.g. GPRS or UMTS, with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission. SCALANCE SC-600 devices...

CVSS 6.8 · AI score 3.4 · EPSS 0.00794
Exploits 0 · References 1

Huntr
added 2022/07/22 3:11 a.m. · 23 views

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description: We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting (XSS) vulnerability in the...

CVSS 4.9 · AI score 5.5 · EPSS 0.00437
Exploits 1 · References 3

Hacker One
added 2022/07/18 7:46 a.m. · 17 views

LY Corporation: Stored XSS Via Filename On https://partners.line.me/

An XSS vulnerability was found on the file upload feature of "partners.line.me". Attackers could upload a file with an XSS payload in the filename, which was not properly escaped by the server. This allowed for DOM-based XSS to be embedded in HTML. The uploaded files were stored for a limited tim...

AI score 6
Exploits 0

ATTACKERKB
added 2022/07/14 3:15 p.m. · 3 views

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

CVSS 6.1 · AI score 5.8 · EPSS 0.00462
Exploits 0 · References 2

CVE
added 2022/07/14 2:51 p.m. · 103 views

CVE-2022-32225

CVE-2022-32225 affects Veeam Management Pack for Microsoft System Center 8.0. Affected component: Help directory; vulnerability is a reflected DOM-based XSS that can be triggered when a user visits a crafted URL, enabling execution of arbitrary scripts in the user’s context. According to the conn...

CVSS 6.1 · AI score 5.9 · EPSS 0.00462
Exploits 0 · References 1 · Affected Software 1

Veeam
added 2022/07/12 12:0 a.m. · 23 views

XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

Vulnerability Details: A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack...

CVSS 6.1 · AI score 6 · EPSS 0.00462
Exploits 0 · Affected Software 1

CNVD
added 2022/06/30 12:0 a.m. · 21 views

lettersanitizer Denial of Service Vulnerability

lettersanitizer is a DOM-based HTML email cleaner for in-browser email rendering. A denial of service vulnerability exists in lettersanitizer versions prior to 1.0.2. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited by an attacker to cause a...

CVSS 7.5 · AI score 7.2 · EPSS 0.01383
Exploits 0 · References 1

NVD
added 2022/06/27 11:15 p.m. · 33 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

CVSS 7.5 · EPSS 0.01383
Exploits 0 · References 3

Prion
added 2022/06/27 11:15 p.m. · 12 views

Denial of service

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

CVSS 5 · AI score 7.4 · EPSS 0.01383
Exploits 0 · References 3 · Affected Software 1

CVE
added 2022/06/27 10:20 p.m. · 92 views

CVE-2022-31103

Lettersanitizer is a DOM-based HTML email sanitizer. All versions below 1.0.2 are affected by a denial-of-service when processing the CSS at-rule @keyframes. The issue also affects React Letter via dependency on lettersanitizer. Root cause: improper handling of CSS at-rules in the sanitizer, lead...

CVSS 7.5 · AI score 7.4 · EPSS 0.01383
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/06/27 10:20 p.m. · 33 views

CVE-2022-31103 Improper handling of CSS at-rules in lettersanitizer

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

CVSS 7.5 · AI score 7.3 · EPSS 0.01383
Exploits 0 · References 5

CNNVD
added 2022/06/27 12:0 a.m. · 2 views

lettersanitizer Code Issue Vulnerability

lettersanitizer is a DOM-based HTML email cleaner for in-browser email rendering. A denial of service vulnerability exists in lettersanitizer versions prior to 1.0.2. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited by an attacker to cause a...

CVSS 7.5 · AI score 5.7 · EPSS 0.01383
Exploits 0 · References 4