CKEditor 跨站脚本漏洞

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in ckeeditor that allows injection of malformed fake object HTML, which could lead to the execution of JavaScript code...

MGASA-2021-0390 Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server packages fix security vulnerabilities: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP...

DEBIAN-CVE-2021-37833

A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

CVE-2021-37833

A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

UBUNTU-CVE-2021-37833

A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

CVE-2021-29979

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...

Information disclosure

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...

CVE-2021-29979

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...

CVE-2021-29979

CVE-2021-29979 concerns Hubs Cloud. The vulnerability allows a user to download shared content (HTML and JS), which could enable javascript execution in the Hub Cloud instance’s primary hosting domain on mozillareality/reticulum/1.0.1/20210618012634. Exploitation details are not provided in the d...

Yzmcms 跨站脚本漏洞

YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed by Yuan Zhimeng alone.YzmCMS version 5.2 has a cross-site scripting vulnerability. An attacker can use the sitecode parameter in admin/index/init.html to inject and execute javascript code...

Cross-site Scripting (XSS)

curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser when used as a template library due to lack of user input sanitization...

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

CVE-2021-23411

Affected versions of this package are vulnerable to Cross-site Scripting XSS via the main functionality. It accepts input that can result in the output an anchor a tag containing undesirable Javascript code that can be executed upon user interaction...

CVE-2021-27517

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...

Code injection

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...

CVE-2021-27517

Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...

CVE-2021-21799

Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a...

CVE-2021-21801

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVE-2021-21802

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVE-2021-21802

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...