CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...
CVE-2022-1175
GitLab CE/EE is affected by CVE-2022-1175 due to improper neutralization of user input in notes, enabling Stored XSS. Affected ranges are GitLab CE/EE versions: 14.4 up to before 14.7.7, 14.8 up to before 14.8.5, and 14.9 up to before 14.9.2. Connected documents indicate fixes exist in later rele...
CVE-2022-1175
Removed by vendor...
CVE-2022-24710
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...
Weblate cross-site scripting vulnerability
A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...
Schneider Electric EcoStruxure Power Monitoring Expert cross-site scripting vulnerability
The Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric, France, for power distribution monitoring in IoT environments. The Schneider Electric EcoStruxure Power Monitoring Expert suffers from a cross-site scripting vulnerability that stems from an incorrect...
Cross site scripting
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to...
CVE-2021-43062
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to...
Cross site scripting
A CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...
CVE-2021-45223
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes...
Cross site scripting
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links affecting the search window and activity view window...
Input validation
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes...
CVE-2021-45225
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links affecting the search window and activity view window...
PT-2022-12308 · Coins · Coins Construction Cloud
Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: The issue is related to insufficient input neutralization, making it vulnerable to denial of service attacks via forced server crashes. Recommendations: For COINS Construction Cloud version...
CVE-2021-39946
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to cross-site scripting (XSS) attacks. An attacker is able to bypass the validations due to improper input neutralization during web page generation. The vulnerability can be exploited via changing the rule name in the admin dev page allowing attackers to inject and...
CVE-2022-0257
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...