5805 matches found
Gogs Cross-Site Scripting Vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.7, which stems from the la...
CVE-2022-1584 Reflected XSS in microweber/microweber
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim...
Cross-Site Scripting (XSS)
@yaireo/tagify is vulnerable to cross-site scripting. The vulnerability exists in the Tagify function in tagify.js because the placeholder input field is not escaped, which allows an attacker to inject and execute arbitrary JavaScript...
F5 BIG-IP Multiple Products Cross-Site Scripting Vulnerability
F5 BIG-IP and F5 BIG-IP Guided Configuration GC are both products of F5, Inc. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP Guided Configuration is a configuration template. cross-site...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by attackers to execute JavaScript in the context of the...
F5 BIG-IP APM Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP APM, which can be exploited by attackers to execute JavaScript in th...
CVE-2021-31674
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant...
WordPress Plugin Fast Flow Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of WordPress Fast Flow plugin prior to 1.2.12, which...
Microweber Cross-Site Scripting Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber, which stems from the program's lack of checksum filtering of...
Updated firefox/nss/rootcerts packages fix security vulnerability
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash CVE-2022-1097. After a VR Process is destroyed, a reference to it may have been retained and used, leading to a...
CVE-2022-29584
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets CSS class for embedly is used, and JavaScript code is constructed to perform an action...
Jetbrains JetBrains IntelliJ IDEA Cross-Site Scripting Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains IntelliJ IDEA 2022.1, which stems from an error message in the internal web server that lacks a...
Hoosk CMS Cross-Site Scripting Vulnerability
Hoosk CMS is a lightweight content management system. A cross-site scripting vulnerability exists in Hoosk CMS version 1.8.0, which can be exploited by an attacker to execute JavaScript code in a user's browser via an edit page...
Cross-site scripting - Stored via upload xml file
Description: When a user uploads a file with an XML extension in the white-list, the server will store the XML file at assets/PortalNotesFiles/, so we can directly access it and execute JavaScript code. Proof of Concept: POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host:...
CVE-2022-24799
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
Design/Logic Flaw
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
CVE-2022-24799 Cross Site Scripting in Wire Webapp
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
CVE-2022-24799
CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...
Zimbra Security Vulnerability
Zimbra Collaboration aka ZCS version 9.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...