XXL-JOB 跨站脚本漏洞

XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...

Barco Control Room 跨站脚本漏洞

Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the URL parameter of the...

School Dormitory Management System 跨站脚本漏洞

School Dormitory Management System is a school dormitory management system. v1.0 of School Dormitory Management System has a cross-site scripting vulnerability that originates from admin/inc/navigation.php:125 page that lacks a filter for user The vulnerability is caused by a lack of checksum...

Barco Control Room 跨站脚本漏洞

Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, the Barco Control Room Management Suite web application version 3.14 previously contained a cross-site scripting vulnerability that could be exploited by attackers to execute JavaScri...

WordPress plugin Enable SVG 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Enable SVG plugin version 1.4.0 or earlier has a cross-site scripting vulnerability that...

WordPress plugin Slideshow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Slideshow plugin 2.3.1 and earlier versions have a cross-site scripting vulnerability...

WordPress plugin Poll Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. Cross-site scripting vulnerabilities exist in versions of the WordPress Poll Maker plugin prior t...

WordPress plugin Quotes llama 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...

USN-5435-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security...

GHSA-C8J6-GQQ8-4PRJ Alkacon OpenCMS XSS via New User module

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

GHSA-6988-G89M-27VF Magento stored cross-site scripting (XSS) in the customer address upload feature

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

Magento stored cross-site scripting (XSS) in the customer address upload feature

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

MantisBT HTML Injection vulnerability

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

GHSA-QGRR-F26J-87VF MantisBT XXS where a Custom Field with a crafted Regular Expression property is used

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...

GHSA-P9XP-XGHP-GQVP bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...

GHSA-8MC4-2XRC-G582 Plone cross site scripting (XSS)

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site...

Plone cross site scripting (XSS)

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site...

Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

Magento Reflected cross-site scripting on customer cart page

A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's...

Home Clean Services Management System 跨站脚本漏洞

Home Clean Services Management System is a home cleaning service system. version 1.0 of Home Clean Services Management System is vulnerable to a cross-site scripting vulnerability that originates in register.php?link=registerand lacks checksum filtering of user-supplied data and a lack of data...