79 matches found

RedhatCVE
added 2025/05/22 3:19 p.m. · 6 views

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS 6.1 · AI score 7.3 · EPSS 0.00808
Exploits 2

NVD
added 2024/01/18 8:15 p.m. · 16 views

CVE-2024-22213

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

CVSS 5.4 · AI score 4.2 · EPSS 0.00505
Exploits 1 · References 3

Prion
added 2024/01/18 8:15 p.m. · 13 views

Design/Logic Flaw

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

CVSS 4.9 · AI score 7.2 · EPSS 0.00505
Exploits 1 · References 3 · Affected Software 1

NVD
added 2023/10/16 10:15 p.m. · 15 views

CVE-2023-45540

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

CVSS 6.5 · AI score 6.7 · EPSS 0.00515
Exploits 1 · References 1

ATTACKERKB
added 2023/09/14 4:15 p.m. · 2 views

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

CVSS 8.8 · AI score 6 · EPSS 0.00618
Exploits 1 · References 2

Prion
added 2023/09/14 4:15 p.m. · 12 views

Privilege escalation

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

CVSS 6.5 · AI score 8.6 · EPSS 0.00618
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/14 12:0 a.m. · 7 views

CVE-2023-42180

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...

AI score 7.3 · EPSS 0.00618
Exploits 1 · References 1

Positive Technologies
added 2023/09/14 12:0 a.m. · 5 views

PT-2023-28287 · Lenosp · Lenosp

Name of the Vulnerable Software and Affected Versions: lenosp versions 1.0 through 1.2.0 Description: The issue allows attackers to execute HTML code via a crafted JPG file. This is achieved through an arbitrary file upload vulnerability in the /user/upload component. Recommendations: For version...

CVSS 8.8 · AI score 8.5 · EPSS 0.00618
Exploits 1 · References 3

NVD
added 2023/05/30 8:15 p.m. · 9 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 6.1 · AI score 5.5 · EPSS 0.03083
Exploits 3 · References 3

RedHat Linux
added 2022/11/02 4:34 p.m. · 5 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 · AI score 6.6 · EPSS 0.8383
Exploits 6 · References 6

CNNVD
added 2022/07/26 12:0 a.m. · 4 views

Mozilla Firefox Race Condition Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from insufficient cleaning of user-supplied data, and can be exploited by remote attackers to execute arbitrary HTML and script code in a...

CVSS 5.3 · AI score 8.9 · EPSS 0.00493
Exploits 0 · References 18

Redos
added 2021/09/08 12:0 a.m. · 14 views

ROS-2-877

2.877 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

CVSS 7.5 · AI score 8.4 · EPSS 0.01157
Exploits 0

BDU FSTEC
added 2021/06/10 12:0 a.m. · 4 views

The vulnerability of the online business analytics service IBM Cognos Analytics, related to improper code generation management, allows a perpetrator to execute arbitrary HTML code.

The vulnerability of the online business analytics service IBM Cognos Analytics is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

CVSS 7.1 · AI score 7.5 · EPSS 0.0273
Exploits 0 · References 4 · Affected Software 1

NVD
added 2021/04/28 3:15 p.m. · 14 views

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS 6.1 · EPSS 0.00808
Exploits 2 · References 2

Cvelist
added 2021/04/28 2:46 p.m. · 16 views

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

AI score 6.5 · EPSS 0.00808
Exploits 2 · References 2

Prion
added 2021/02/09 8:15 p.m. · 10 views

Cross site scripting

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS 3.5 · AI score 5.5 · EPSS 0.01347
Exploits 3 · References 4 · Affected Software 1

CVE
added 2021/02/09 7:3 p.m. · 53 views

CVE-2021-26549

CVE-2021-26549 : SmartFoxServer 2X/2.17.0 exposes a cross-site scripting vulnerability in the AdminTool console where input is not properly sanitized before reflection. This enables an attacker to inject arbitrary HTML/JS that can execute in a user’s browser within the context of the affected sit...

CVSS 5.4 · AI score 5.6 · EPSS 0.01347
Exploits 3 · References 4 · Affected Software 1

CNVD
added 2021/02/01 12:0 a.m. · 8 views

RSA Archer Cross-Site Scripting Vulnerability (CNVD-2021-24477)

RSA Archer is the GRC Enterprise Risk Management Suite. A stored cross-site scripting vulnerability exists in Archer versions prior to 6.8 P4. An attacker can exploit this vulnerability to execute HTML or JavaScript code...

CVSS 5.4 · AI score 5.8 · EPSS 0.0081
Exploits 0 · References 1

BDU FSTEC
added 2019/05/06 12:0 a.m. · 5 views

The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite allows a hacker to execute HTML code.

The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code into the user’s browser by placin...

CVSS 4.3 · AI score 5.7
Exploits 0 · Affected Software 1

Prion
added 2019/02/04 7:29 p.m. · 18 views

Cross site scripting

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filterAutoExecuteCmd' parameter value in the view filter filter.php because proper filtration is omitted...

CVSS 4.3 · AI score 5.9 · EPSS 0.00989
Exploits 1 · References 1 · Affected Software 1