5803 matches found
Design/Logic Flaw
An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...
CVE-2021-42041
CVE-2021-42041 affects MediaWiki CentralAuth up to version 1.36.2, where the rightsnone message was not properly sanitized. This allows injection and execution of HTML/JavaScript via the setchange log, enabling a potential cross-site scripting vector. The CVSS metrics indicate a Network attack ve...
CVE-2021-42044
**CVE-2021-42044 (MediaWiki)FFECT: The issue affects the Mentor dashboard in the GrowthExperiments extension up to MediaWiki 1.36.2, where specific mentor- and mentee-related Messages (e.g., add-filter-total-edits, info-text, info-legend, active-ago) were not properly sanitized. This allows injec...
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that allows injection and execution of HTML and...
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from...
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in Special:MediaSearch in MediaWiki's MediaSearch extension, whic...
UBUNTU-CVE-2021-39878
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...
Cross-site Scripting (XSS) - Generic in snipe/snipe-it
Description At File Uploads allows for arbitrary execution of JavaScript Step to Reproduct XSS at filename Goto detail of one asset At tab File choose to upload file with filename contain payload: file'name XSS when upload file .svg In list file types are allowed don't have file .svg Goto detail ...
openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:1334-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1334-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...
IceHrm 跨站脚本漏洞
IceHrm is a human resource management Hrm system that includes features such as employee management, leave management, and payroll. The system includes functions such as employee management, leave management and payroll management.IceHrm has security vulnerabilities on several pages that could be...
PYSEC-2021-350
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-25963 Shuup - Reflected XSS in Error Page
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...
CVE-2021-40711 Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution
Adobe Experience Manager version 6.5.9.0 and earlier is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...
CVE-2021-39307
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...
PDFTron WebViewer 跨站脚本漏洞
PDFTron WebViewer is an avaScript PDF library from PDFTron Canada for all browsers, frameworks and mobile devices with no server-side dependencies. Supports PDF, MS Office, CAD and more than 30 formats. A cross-site scripting vulnerability exists in PDFTron WebViewer UI 8.0 and prior versions,...
Cross site scripting
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
CVE-2021-23037
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...
Cross site scripting
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...
Plesk Obsidian 跨站脚本漏洞
Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability in Plesk Obsidian versions 18.0.0 through 18.0.32 allows an attacker to execute JavaScript code in a victim's browser by using a link to preview a site hosted on the server...