
100 matches found

CNNVD
added 2023/03/29 12:0 a.m., 3 views

Kiwi TCMS cross-site scripting vulnerability

Kiwi TCMS is a leading open source test management system for manual and automated testing. A cross-site scripting vulnerability exists in Kiwi TCMS versions prior to 12.1. An attacker exploiting this vulnerability can execute JavaScript code...

7.6 CVSS, 6.2 AI score, 0.0071 EPSS
Exploits 0, References 3
OSV
added 2023/03/04 12:15 a.m., 3 views

DEBIAN-CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

6.1 CVSS, 6.6 AI score, 0.00369 EPSS
Exploits 1, References 1
Veracode
added 2023/02/16 8:52 a.m., 17 views

Unrestricted File Upload

pimcore/pimcore is vulnerable to Unrestricted File Upload. The vulnerability exists in the uploadImageAction function in UserController.php because the file type of the avatar is not properly checked when uploading which allows an attacker to upload arbitrary files into the system, and execute...

8.2 CVSS, 6.1 AI score, 0.00012 EPSS
Exploits 0, References 4, Affected Software 1
NVD
added 2023/02/09 7:15 p.m., 11 views

CVE-2023-21434

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page...

6.2 CVSS, 6.3 AI score, 0.00699 EPSS
Exploits 0, References 1
OSV
added 2023/01/01 8:15 a.m., 0 views

CVE-2022-34322

Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...

9 CVSS, 5.9 AI score, 0.00599 EPSS
Exploits 1, References 1
CNVD
added 2022/10/13 12:0 a.m., 32 views

Multiple Siemens products open to redirection vulnerabilities

Siemens Desigo PX is a building automation control system from Siemens Germany. Several Siemens products have an open redirection vulnerability, which stems from the fact that the device's embedded browser does not prevent interaction with an alternate URI scheme when the Web application code...

1.5 AI score, 0.00704 EPSS
Exploits 0
CNNVD
added 2022/10/11 12:0 a.m., 1 views

Cross-site scripting vulnerability in multiple Siemens products

Siemens Desigo PX is a building automation control system from Siemens Germany. Several Siemens products have an open redirection vulnerability, which stems from the fact that the device's embedded browser does not prevent interaction with an alternate URI scheme when the Web application code...

8.3 CVSS, 7 AI score, 0.00704 EPSS
Exploits 0, References 4
Cvelist
added 2022/08/04 6:15 a.m., 14 views

CVE-2022-27166 XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim...

6.5 AI score, 0.17527 EPSS
Exploits 0, References 1
CNNVD
added 2022/06/15 12:0 a.m., 1 views

WordPress plugin Private Messages cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Private Messages plugin 2.1.10 and earlier versions are vulnerable to a cross-site scriptin...

5.4 CVSS, 5.4 AI score, 0.00162 EPSS
Exploits 0, References 3
OSV
added 2022/05/24 4:50 p.m., 8 views

GHSA-HQX2-J33X-9FC4 Gitea XSS Vulnerability in Repository Description

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1 CVSS, 6.1 AI score, 0.00262 EPSS
Exploits 0, References 7
OSV
added 2022/05/14 3:41 a.m., 8 views

GHSA-HQFH-P9H7-M6V5 Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. The maintainers state that the issue is fixed in version 7.0.0...

5.4 CVSS, 5.2 AI score, 0.00249 EPSS
Exploits 1, References 4
Prion
added 2022/05/04 11:15 a.m., 15 views

Cross site scripting

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can arbitrarily execute JavaScript code to steal the user's cookie, perform HTTP requests, get content of same-origin pages, etc...

4.3 CVSS, 6.2 AI score, 0.00322 EPSS
Exploits 1, References 2, Affected Software 1
ATTACKERKB
added 2022/03/23 8:15 p.m., 2 views

CVE-2022-25221

Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code...

6.1 CVSS, 6.5 AI score, 0.0024 EPSS
Exploits 1, References 2
CNVD
added 2022/03/08 12:0 a.m., 14 views

F-Secure SAFE Browser for Android cross-site scripting vulnerability

F-Secure SAFE is a suite of antivirus software from the Finnish company F-Secure. F-Secure SAFE Browser for Android is vulnerable to cross-site scripting, which can be exploited by attackers to remotely execute JavaScript and trigger generic cross-site scripting through the brows...

6.1 CVSS, 5.4 AI score, 0.00271 EPSS
Exploits 0, References 1
Hacker One
added 2022/01/21 1:18 p.m., 20 views

U.S. Dept Of Defense: Reflected XSS at https://██████/██████████ via "████████" parameter

There is Reflected Cross site scripting issue at the following url: https://█████/████ Proof Of Concept https://████████/███████?text=&███=%22%3E%3Csvg/onload=alert1%3E████ ███████ Best Regards @pelegn Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing javascript on the victim behalf...

1.1 AI score
Exploits 0
OSV
added 2021/10/01 3:15 p.m., 0 views

CVE-2021-29109

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1 CVSS, 6.6 AI score
Exploits 0, References 1
OSV
added 2021/08/19 7:15 p.m., 0 views

CVE-2020-20642

Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn...

8.8 CVSS, 7.4 AI score
Exploits 0, References 1
Cvelist
added 2021/07/06 2:44 p.m., 10 views

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

6.3 AI score, 0.00328 EPSS
Exploits 0, References 3
OSV
added 2019/07/11 8:15 p.m., 10 views

CVE-2019-1010314

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1 CVSS, 6.5 AI score
Exploits 0, References 1
UbuntuCve
added 2019/07/11 8:15 p.m., 12 views

CVE-2019-1010314

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...

6.1 CVSS, 6.4 AI score, 0.00262 EPSS
Exploits 0, References 2