Design/Logic Flaw
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI...
CVE-2022-28650
JetBrains YouTrack before 2022.1.43700 is affected by a cross-site scripting issue that enables an attacker to inject JavaScript into Markdown in the YouTrack Classic UI. This CVE is corroborated by multiple records (e.g., Red Hat, CNVD, CVE listings) describing the same vulnerability. The availa...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features bug tracking, creating workflows and monitoring project progress. JetBrains YouTrack 2022.1.43700 previously contained a security vulnerability that could be...
WordPress plugin UpdraftPlus WordPress Backup Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress UpdraftPlus WordPress Backup plugin...
CVE-2021-44310
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality...
Firmware Analysis and Comparison Tool Cross-Site Scripting Vulnerability
Firmware Analysis and Comparison Tool (FACT) is a firmware analysis and comparison tool. Firmware Analysis and Comparison Tool v3.2 is affected by a cross-site scripting vulnerability. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in the user...
WordPress plugin Simple Ajax Chat Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Ajax Chat plugin version 20220115 and earlier versions have a cross-site scripting vulnerability that stem...
CVE-2022-25221
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code...
CVE-2022-25221
The CVE-2022-25221 entry concerns Money Transfer Management System v1.0, where an attacker can inject JavaScript code via a URL and persuade a user to visit that link to execute the script. Root cause cited across sources is lack of input validation/filtering and output handling for user-supplied...
CVE-2022-0475
A malicious translator is able to inject JavaScript code in a few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...
Hardcoded credentials
A malicious translator is able to inject JavaScript code in a few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...
Major Content Management Systems affected by Multiple vulnerabilities
THREAT LEVEL: Amber. Several flaws in well-known content management systems WordPress and Drupal have been uncovered. A content management system, or CMS, is software that allows users to create, manage, and edit website content without requiri...
CVE-2022-24072
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...
CVE-2022-24072
The CVE-2022-24072 entry applies to Naver Whale Browser, with affected versions before 3.12.129.18. The root cause is improper data handling in the devtools API (devtools.inspectedWindow), allowing potentially attacker-controlled JavaScript execution within the extension store web page. Consequen...