5805 matches found
Online Student Rate System 跨站脚本漏洞
Online Student Rate System is an online grading system for students. v1.0 of the Online Student Rate System is vulnerable to a cross-site scripting vulnerability that stems from a lack of validation filtering of user-supplied data and output data in the page parameter of the index.php file. An...
MantisBT 跨站脚本漏洞
MantisBT is the Mantisbt team of a Web-based open source defect tracking system . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.25.5, which originated from a...
Jfinal CMS 跨站脚本漏洞
Jfinal CMS is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. Jfinal CMS v5.1.0 version of the cross-site scripting vulnerability , the...
74cms 跨站脚本漏洞
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...
Jenkins 跨站脚本漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...
CVE-2021-41432
FlatPress 1.2.1 contains a stored XSS vulnerability that allows arbitrary JavaScript execution via blog content. Affected component is the blog content handler; the root cause is improper sanitization of content leading to stored payloads. Impact could include credential theft via cookie access, ...
Jenkins Plugin Sauce OnDemand 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
Foxit PhantomPDF < 10.1.8 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 10.1.8. It is, therefore affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...
Unioncms 跨站脚本漏洞
Unioncms is a content management system of China Union Capital Network Technology Unioncms Company. Unioncms v1.0.13 version of a cross-site scripting vulnerability, an attacker can exploit the vulnerability in the client to execute JavaScript code...
IdeaLMS 跨站脚本漏洞
IdeaLMS is an educational and learning management software from Idea. A cross-site scripting vulnerability exists in Idea IdeaLMS version 2022, which can be exploited by an attacker to execute JavaScript code on the client side...
WordPress plugin Ocean Extra 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Ocean Extra plugin 1.9.5, which stem...
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 跨站脚本漏洞
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition is a modern multi-platform workload automation solution from ASG technologies, Inc. A cross-site scripting vulnerability exists in ASG technologies ASG-Zena Cross Platform Server Enterprise Edition version 4.2.1, which stems from...
CVE-2021-41420
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel...
CVE-2021-41420
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel...
WordPress plugin Promotion Slider 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Promotion Slider plugin 3.3.4 and earlier versions contain a cross-site scripting...
WordPress plugin Newsletter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-41502
An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting XSS vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute...
WordPress theme Ask me 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress theme Ask me plugin version 6.8.2 previously contained a cross-site scripting...
LibreHealth EHR 跨站脚本漏洞
LibreHealth EHR is a clinically-focused electronic health record EHR system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...
CVE-2022-31470
An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...