5964 matches found
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
PT-2022-6053 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue exists due to inadequate protection of the web page structure. An attacker, acting remotely, can exploit this to execute arbitrary code using a specially crafted link...
CVE-2022-43996
The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...
Cross-site scripting vulnerability in TinyMCE alerts
Impact A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2022-23494
Removed by vendor...
CVE-2022-38754
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM Operations Bridge Manager user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...
CVE-2022-43668
Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product...
PT-2022-26996 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.4.4 Description: The issue is related to the improper neutralization of JavaScript code. When a file is opened with the affected product, it may result in the execution of JavaScript code contained in the file...
PT-2022-7126 · Samsung · Galaxy Store
Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.49.8 Description: The issue exists due to inadequate protection of the web page structure, allowing an attacker to execute a JavaScript script when a web page is loaded. This is caused by an improper input...
CVE-2022-31777
A stored cross-site scripting XSS flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI...
CVE-2022-4068 Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary...
CVE-2022-4022
The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...
CVE-2022-40846
In Tenda AC1200 Router model W15Ev2 V15.11.0.101576, a Stored Cross Site Scripting XSS vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname...
Tenda AC1200 跨站脚本漏洞
The Tenda AC1200 is a wireless router from Tenda China. A security vulnerability exists in the Tenda AC1200 version 15.11.0.10, which stems from a stored cross-site scripting issue. The vulnerability allows an attacker to execute JavaScript code by leveraging the filter tabs specifically the URL...
XSS and CSP bypass in app.diagrams.net
Description The application reflects an input from the url without sanitizing it. With a csp bypass from apis.google.com its possible to execute javascript code. Proof of Concept...
PYSEC-2022-42976
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
Fortinet FortiManager和FortiAnalyzer 跨站脚本漏洞
Fortinet FortiManager and Fortinet FortiAnalyzer are both products from Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains...
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...