CVE-2026-33889

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the...

ApostropheCMS 安全漏洞

ApostropheCMS is a full-stack content management system open source by Apostrophe Technologies. Versions of ApostropheCMS 4.28.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by a storage-side cross-site scripting vulnerability in the @apostrophecms/color-field...

EUVD-2012-5474

Malware in sbrugna...

EUVD-2014-9545

Malware in sbrugna...

EUVD-2012-4428

Malware in sbrugna...

EUVD-2019-11435

Malware in sbrugna...

CVE-2012-5587

Cross-site scripting XSS vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link...

CVE-2014-9739

Cross-site scripting XSS vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields...

CVE-2012-5588

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors...

CVE-2012-4499

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors...

Drupal Gif Player Field module < 1.5.0,2.0.0-2.0.3 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Gif Player Field versions 1.5.0,2.0.0-2.0.3...

DRUPAL-CONTRIB-2023-040

The Data Field module provides a way of building field types that are made up of other fields, a simpler alternative to e.g. the Paragraphs system. Access to these forms isn't properly validated, allowing a user with the "access content" permission to view and edit fields on entities...

Atlassian Jira 8.0.2 < 8.7.0 Stored Cross-Site Scripting In Add Field Module

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.7.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability i...

CVE-2019-20900

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...

CVE-2019-20900

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...

Cross site scripting

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...

CVE-2019-20900

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. The affected versions are before version 8.7.0...

Atlassian JIRA Server and Data Center Add Field Module Cross-Site Scripting Vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. The system is mainly used to track and manage all kinds of problems and defects in the workplace.Atlassian JIRA Data...

Stored XSS in Add Field module - CVE-2019-20900

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the Add Field module. Affected versions: version 8.7.0 Fixed versions: 8.7.0...

CVE-2014-9739

Cross-site scripting XSS vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields...