5006 matches found

Hacker One
added 2021/01/31 8:1 a.m. | 31 views

Rocket.Chat: Blind XSS

Blind XSS: The page located at https://livechat.coinflex.com/livechat suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability which occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject...

CVSS 4.3 | AI score 6 | EPSS 0.00353
Exploits: 1

CNVD
added 2021/01/30 12:0 a.m. | 5 views

Mautic cross-site scripting vulnerability (CNVD-2021-07536)

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. Mautic 3.2.4 suffers from a cross-site scripting vulnerability that allows remote attackers to inject executable JavaScript via the Referer header of an...

CVSS 9.6 | AI score 5.9 | EPSS 0.01142
Exploits: 0 | References: 1

Prion
added 2021/01/28 6:15 a.m. | 16 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...

CVSS 6.8 | AI score 8 | EPSS 0.01142
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2021/01/27 12:0 a.m. | 1 view

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...

CVSS 5.4 | AI score 6.1 | EPSS 0.00158
Exploits: 0 | References: 4

CNNVD
added 2021/01/27 12:0 a.m. | 1 view

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...

CVSS 5.4 | AI score 6.1 | EPSS 0.00158
Exploits: 0 | References: 4

Akamai Blog
added 2021/01/26 2:0 p.m. | 107 views

How Page Integrity Manager Detects Real-World Magecart Attacks

Written by Ziv Eli - Engineering Manager, Security and Maor Hod - Senior Product Manager, Security. In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...

AI score 7.4
Exploits: 0

NVD
added 2021/01/22 5:15 p.m. | 12 views

CVE-2021-21259

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...

CVSS 7.4 | AI score 7.4 | EPSS 0.0027
Exploits: 1 | References: 4

Prion
added 2021/01/22 5:15 p.m. | 14 views

Authentication flaw

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...

CVSS 4.3 | AI score 6.3 | EPSS 0.0027
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2021/01/22 5:10 p.m. | 62 views

CVE-2021-21259

CVE-2021-21259 affects HedgeDoc before version 1.7.2, where an attacker could inject arbitrary JavaScript into a note that is executed when viewed in slide mode. Depending on instance configuration, authentication may not be required to create or edit notes. The issue is fixed in HedgeDoc 1.7.2; ...

CVSS 7.4 | AI score 6.5 | EPSS 0.0027
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2021/01/22 9:15 a.m. | 1 view

CVE-2021-22849

Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack...

CVSS 5.4 | AI score 6.1 | EPSS 0.00172
Exploits: 0 | References: 1

CVE
added 2021/01/22 8:30 a.m. | 59 views

CVE-2021-22849

CVE-2021-22849 affects Hyweb HyCMS-J1; the backend editing function does not filter special characters, enabling stored XSS where logged-in users can inject JavaScript. Root cause: insufficient input sanitization on editing payloads. Documented impact includes stored XSS risk with potential parti...

CVSS 5.4 | AI score 4.8 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2021/01/22 12:0 a.m. | 3 views

Hyweb HyCMS-J Cross-Site Scripting Vulnerability

Hyweb HyCMS-J1 is a text management system from the Chinese company Hyweb. Hyweb HyCMS-J1 suffers from a cross-site scripting vulnerability that stems from the back-end editing function not filtering special characters. An attacker can exploit this vulnerability to inject JavaScript syntax to...

CVSS 5.4 | AI score 6 | EPSS 0.00172
Exploits: 0 | References: 2

CNNVD
added 2021/01/22 12:0 a.m. | 2 views

Hedgedoc Cross-Site Scripting Vulnerability

Hedgedoc is a Javascript-based Markdown document real-time editing and sharing platform by the Hedgedoc team. A cross-site scripting vulnerability exists in versions prior to HedgeDoc 1.7.2, which can be exploited by attackers to inject arbitrary JavaScript...

CVSS 7.4 | AI score 6.3 | EPSS 0.0027
Exploits: 1 | References: 5

Hacker One
added 2021/01/20 12:34 a.m. | 114 views

U.S. Dept Of Defense: Stored XSS at https://www.█████████.mil

Summary: Stored XSS exists at https://www.██████.mil. A user can fill out the form and upload a file containing javascript code to trigger XSS. Description: Stored XSS exists at https://www.████.mil. A user can fill out the form and upload a file containing javascript code to trigger XSS. Impact ...

AI score 6.4
Exploits: 0

Prion
added 2021/01/15 7:15 a.m. | 21 views

Cross site scripting

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the posttitle parameter...

CVSS 3.5 | AI score 5.3 | EPSS 0.00471
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2021/01/15 6:24 a.m. | 19 views

CVE-2020-35582

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the posttitle parameter...

AI score 5.3 | EPSS 0.00471
Exploits: 2 | References: 4

CNNVD
added 2021/01/12 12:0 a.m. | 2 views

Opentext Carbonite Cross-Site Scripting Vulnerability

OpenText develops and markets Enterprise Information Management (EIM) software. A cross-site scripting vulnerability exists in OpenText Carbonite Server Backup Portal 8.8.7 and earlier versions, which originates from a failure to effectively filter user input at policy creation, allowing an...

CVSS 5.4 | AI score 6.2 | EPSS 0.00393
Exploits: 0 | References: 2

NVD
added 2021/01/11 2:15 p.m. | 13 views

CVE-2020-23849

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...

CVSS 6.1 | AI score 6 | EPSS 0.00262
Exploits: 1 | References: 1

Cvelist
added 2021/01/11 1:36 p.m. | 15 views

CVE-2020-23849

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...

AI score 6 | EPSS 0.00262
Exploits: 1 | References: 1

CNVD
added 2021/01/11 12:0 a.m. | 2 views

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03014)

IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

CVSS 5.4 | AI score 6.2 | EPSS 0.00236
Exploits: 0 | References: 1