CVE-2022-35630
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2...
Cross-site Scripting (XSS)
fava is vulnerable to cross-site scripting. The vulnerability exists because of the lack of escaping error messages in errors.html, allowing an attacker to inject and execute malicious javascript through the malicious verbatim parameters...
Cross-site Scripting (XSS)
fava is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the querystring parameters of Query.svelte, allowing an attacker to inject and execute malicious javascript...
PT-2022-16328 · WordPress · Inspiro Pro
Name of the Vulnerable Software and Affected Versions: Inspiro PRO WordPress plugin affected versions not specified Description: The issue allows users with privileges as low as Contributor to inject JavaScript into the portfolio slider description due to a lack of sanitization. This can lead to...
Atlassian Jira Confluence Server and Data Center Cross-Site Scripting Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Confluence Server and Data Center, which originates in the Livesearch macro that allows remot...
CVE-2022-22999
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
Cross site scripting
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
markdown-it-decorate Cross-Site Scripting Vulnerability
markdown-it-decorate is used to add attributes, IDs, and classes to Markdown by Rico Sta. Cruz, a personal developer in Australia. A security vulnerability exists in markdown-it-decorate, which can be exploited by an attacker to add the event handler javascript:xxx for links...
PT-2022-15769 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud devices affected versions not specified Description: The issue allows a malicious user with elevated privileges to construct and inject JavaScript payloads into an authenticated user's browser, potentially gaining...
Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. PoC Steps to reproduce: 1. As a Contributor, go to Portfolio on the dashboard and add a new item. 2. On the editing page that comes up, scroll...
PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability
The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...
Cross site scripting
IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430...
Cross-Site Scripting (XSS)
mediawiki is vulnerable to cross-site scripting. The vulnerability exists in the showSuccessPage function in SpecialCreateAccount.php because the username is not properly escaped, which allows an attacker to inject and execute javascript...
Improper Link Input Validation leads to Cross-site Scripting (XSS)
Description: The link input validation does not filter the javascript: protocol in the href attribute. It allows attackers to inject malicious links into many fields of the website, such as author introduction, user summary, and book description, ... which could execute javascript code (XSS). Proof of Concept...
CVE-2022-31035 External URLs for Deployments can include javascript in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the...
parse-url Cross-Site Scripting Vulnerability
parse-url is an advanced URL parser with git URL support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the fact that a previous fix can be bypassed, and which can be exploited by an attacker to place arbitrary malicious JS code on a web page...
PT-2022-10865 · Ibm · Ibm Cognos Analytics +1
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics version 2.0 IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
Cross-site Scripting (XSS)
krayin/laravel-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the v-html parameter in table-body.vue, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS) attacks. The library does not properly validate the url parameter in application-urls.tsx, which allows an attacker to inject and execute malicious javascript, capable of creating, modifying, and deleting resources...
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2134-1 advisory. - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19...