5051 matches found
Fiyo CMS 跨站脚本漏洞
Fiyo CMS is a content management system and software that allows users to add and/or manipulate change website content. A cross-site scripting vulnerability exists in the tag parameter in Fiyo CMS version 2.0.6.1. An attacker can exploit this vulnerability to add html/JavaScript to html code...
Cross-Site Scripting (XSS)
drupal is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser...
PT-2021-21127 · Mediawiki +1 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 SocialProfile extension in MediaWiki versions through 1.36 Description: An XSS issue was discovered in the SocialProfile extension within MediaWiki. A privileged user with the awardmanage right could inject...
Input validation
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...
CVE-2021-31832
CVE-2021-31832 affects McAfee Data Loss Prevention Endpoint (DLP) for Windows prior to version 11.6.200, due to improper neutralization of input in the ePO administrator extension’s alert configuration text field. The vulnerability allows a remote ePO DLP administrator to inject JavaScript into t...
PT-2021-19535 · Mcafee · Mcafee Data Loss Prevention Endpoint
Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLP Endpoint for Windows versions prior to 11.6.200 Description: The issue allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed...
CVE-2021-26079
CVE-2021-26079 affects Atlassian Jira Server/Data Center: the CardLayoutConfigTable component is vulnerable to remote XSS . Affected versions include Jira Server/Data Center before 8.5.15; 8.6.0 before 8.13.7; and 8.14.0 before 8.17.0. The vulnerability allows a remote attacker to inject arbitrar...
Jira Server and Jira Data Center 跨站脚本漏洞
Atlassian JIRA Server and Jira Server & Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. The system is mainly used for tracking and managing all kinds of problems and defects in the workplace.Jira Server & Dat...
FUDForum 3.1.0 Cross Site Scripting
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
McAfee 数据库 跨站脚本漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...
FUDForum 3.1.0 - (srch) Reflected XSS Vulnerability
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
FUDForum 3.1.0 - 'author' Reflected XSS
Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27520...
4Images 1.8 - 'redirect' Reflected XSS
Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...
4Images 1.8 Cross Site Scripting
Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...
4Images 1.8 - (redirect) Reflected XSS Vulnerability
Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...
FUDForum 3.1.0 - (author) Reflected XSS Vulnerability
Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27520...
FUDForum 3.1.0 - 'srch' Reflected XSS
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
CVE-2021-29668
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2021-3529
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...
CVE-2021-3529
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...