5058 matches found
GHSA-7JG2-JGV3-FMR4 Malicious PDF can inject JavaScript into PDF Viewer
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8, Firefox 60 and...
GHSA-R69C-5J7C-VM6Q Cross-site Scripting in Jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
CVE-2021-39024
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Microweber vulnerable to cross-site scripting (XSS)
Microweber is a drag and drop website builder and a powerful next generation CMS. Microweber versions 1.2.15 and prior are vulnerable to cross-site scripting. This could lead to injection of arbitrary JavaScript code, defacement of a page, or stealing cookies. A patch is available on the master...
CVE-2022-25781
Cross-site Scripting (XSS) vulnerability in the Web UI of Secomea GateManager allows a phishing attacker to inject JavaScript or HTML into a logged-in user session...
Microweber cross-site scripting vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which allows an...
Secomea GateManager cross-site scripting vulnerability
Secomea GateManager is a remote access server product from the Danish company Secomea. Security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which can be exploited by attackers to inject JavaScript or HTML into a logged-in user session...
CVE-2021-43932
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
Code injection
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists because the attributes have not been sanitized properly, which allows an attacker to inject and execute arbitrary JavaScript...
The vulnerability of the configuration page of the Elcomplus SmartPTT server allows a hacker to inject arbitrary JavaScript code into critical server parameters.
The vulnerability of the configuration page of the Elcomplus SmartPTT server lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into critical server parameters through a specially...
Cross-site Scripting (XSS)
element-plus is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the popperContent parameter in the renderContent function, allowing an attacker to inject and execute malicious JavaScript via el-table-column...
CVE-2022-1027
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject JavaScript code to its settings, leading to stored Cross-Site Scripting that will only affect administrator users...
Cross-site Scripting (XSS)
microweber is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of input in the endpoint, allowing an attacker to inject maliciously crafted JavaScript into the system...
CVE-2021-32927
CVE-2021-32927 affects all versions of Uffizio GPS Tracker and is described as a Cross-Site Scripting vulnerability (CWE-79) caused by improper neutralization of input during web page generation. The issue enables an attacker to inject client-side JavaScript into multiple instances, potentially e...
CVE-2021-32927 Uffizio GPS Tracker Cross-site Scripting
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker...
CVE-2022-26673
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks...
IBM Cognos Analytics cross-site scripting vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...
Cross site scripting
ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting (XSS) vulnerability in the /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...