5963 matches found
CVE-2022-40183
An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user...
CVE-2022-40184 Stored Cross Site Scripting (XSS) in VIDEOJET multi 4000
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option...
PT-2022-25265 · Unknown · Videojet Multi 4000
Name of the Vulnerable Software and Affected Versions: VIDEOJET multi 4000 affected versions not specified Description: The issue concerns incomplete filtering of JavaScript code in different configuration fields of the web-based interface. An attacker with administrative credentials can store...
CVE-2022-38200 BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server.
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser...
PT-2022-24277 · Esri · Arcgis Server
Name of the Vulnerable Software and Affected Versions: ArcGIS Server versions 10.7.1 through 10.8.1 Description: A cross-site scripting issue exists in certain map service configurations, allowing specifically crafted web requests to execute arbitrary JavaScript in the context of the victim's...
CVE-2022-42466
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...
CVE-2022-42466 XSS vulnerability, eg for String properties.
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...
CVE-2022-42466
Apache Isis prior to version 2.0.0-M9 is affected by a cross-site scripting vulnerability caused by input strings not being escaped when rendered, allowing injected scripts to execute. The issue is addressed in 2.0.0-M9 and later by escaping input strings during rendering. Affected products inclu...
CVE-2022-32176
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
Unrestricted file upload
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
CVE-2022-32176 Gin-vue-admin - Unrestricted File Upload
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
CVE-2022-32176
Gin-Vue-Admin is affected in versions v2.5.1 through v2.5.3b by an Unrestricted File Upload through the Media Library’s Compress Upload feature, enabling JavaScript execution and exposure of admin cookies, which can lead to account takeover. Root cause: insufficient restriction of file uploads. I...
CVE-2022-32177
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
Unrestricted file upload
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
CVE-2022-32177
CVE-2022-32177 concerns Gin-Vue-Admin versions v2.5.1–v2.5.3beta, where Unrestricted File Upload via the Media Library’s Normal Upload can trigger JavaScript execution. When an admin views the uploaded file, a low-privilege attacker may gain access to the admin’s cookie, enabling account takeover...
PT-2022-21140 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: Gin-Vue-Admin versions v2.5.1 through v2.5.3beta Description: The issue allows for Unrestricted File Upload, leading to the execution of javascript code through the 'Normal Upload' functionality to the Media Library. When an admin user views...
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...
CVE-2022-41349
In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...
CVE-2022-40178
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...