5057 matches found
GHSA-44CG-QCPR-FWJH Cross site scripting in francoisjacquet/rosariosis
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xssclean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields...
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to injec...
CVE-2022-24709
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Use...
Design/Logic Flaw
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Use...
CVE-2022-24709 Cross site scripting in @awsui/components-react
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Use...
CVE-2022-24709
The CVE-2022-24709 entry concerns @awsui/components-react (the AWS UI React component library). Affected versions before 3.0.367 fail to properly neutralize user input, which may permit JavaScript injection (XSS) when rendering content. The issue has been characterized across multiple sources as ...
CVE-2021-43943
CVE-2021-43943 affects Atlassian Jira Service Management Server and Data Center. Affected component: InsightDefaultCustomFieldConfig.jspa, in the /secure/admin/InsightDefaultCustomFieldConfig.jspa page, where an HTML/JavaScript payload can be injected via the Object Schema field due to insufficie...
RosarioSis Cross-Site Scripting Vulnerability
RosarioSis is a free and open source student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS versions prior to 7.6.1 that allows remote malicious users to inject arbitrary JavaScript or HTML...
components-react Cross-Site Scripting Vulnerability
components-react is a set of React components that help create intuitive, responsive and accessible user experiences for web applications. A cross-site scripting vulnerability exists in versions prior to @awsui/components-react 3.0.367 that could allow JavaScript injection...
CVE-2022-22126
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Web Page” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Condition Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
Nasa Openmct Cross-Site Scripting Vulnerability
Nasa Openmct is an open source open mission control technology from NASA, Inc. for visualizing data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct versions 1.3.0 through 1.7.7, which stems from the software's lack of effective filtering and escaping for...
Elastic Stack Kibana Cross-Site Scripting Vulnerability
Elastic Stack Kibana is an application from Elastic Stack USA: a free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through Elastic Stack. A security vulnerability exists in the Kibana index schema, which can be exploited by an authenticated attack...
Cross Site Scripting (XSS)
github.com/go-gitea/gitea is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization in the repository settings in the setting.go file, which allows the attacker to inject and execute arbitrary JavaScript via the URL field in the external wiki/issue tracker...
CVE-2022-23049
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...
CVE-2022-23049
Exponent CMS 2.6.0patch2 is affected by a vulnerability where an authenticated user can inject persistent JavaScript in the User-Agent header at login. When an administrator visits the User Sessions tab, the injected script is executed, enabling session compromise of the administrator. The availa...