CVE-2022-36094 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...
CVE-2022-36094
CVE-2022-36094 affects XWiki Platform Web Parent POM. The issue allows storing JavaScript that is executed when anyone views the history of an attachment whose name contains javascript, for versions starting from 1.0 up to but not including 13.10.6 and 14.30-rc-1. The vulnerability is mitigated b...
PT-2022-23184 · Xwiki · Xwiki +1
Name of the Vulnerable Software and Affected Versions: XWiki Platform Web Parent POM versions 1.0 through 13.10.5 XWiki Platform Web Parent POM versions 14.0-rc-1 through 14.3 Description: The issue allows storing JavaScript that will be executed by anyone viewing the history of an attachment...
PT-2022-23186 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.6 and 14.3 Description: The XWiki Platform Index UI allows storing JavaScript that will be executed by anyone viewing the deleted attachments index with an attachment containing JavaScript in its name...
SUSE-SU-2022:3101-1 Security update for zabbix
This update for zabbix fixes the following issues: - CVE-2022-35230: JavaScript embedded in links for graphs page will be executed (bsc#1201290)...
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
UBUNTU-CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
CVE-2022-39049
CVE-2022-39049 affects OTRS. An attacker with admin privileges can manipulate the URL to execute JavaScript in the OTRS context (XSS). Affected versions include OTRS 6.0.x (Community Edition) up to 6.0.34, 7.0.x up to 7.0.46, and 8.0.x up to 8.0.36. Remediation per connected sources: upgrade to 6...
The vulnerability of the Thunderbird email client, related to errors in processing input data, allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a specially crafted HTML email with a meta tag set to “refresh”...
Mozilla Thunderbird cross-site scripting vulnerability
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation (United States) that is independent of the Mozilla Application Suite. The software supports the IMAP and POP email protocols as well as the HTML email format. Mozilla Thunderbird suffers from a cross-site scripting vulnerabilit...
UBUNTU-CVE-2022-3033
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...
Deluge Web-UI cross-site scripting vulnerability
Deluge Web-UI is a full-featured interface built using the ExtJS framework. A security vulnerability exists in Deluge Web-UI because it does not properly sanitize data in torrent files and parses it directly as HTML, allowing whoever provides a malicious torrent file to a user to execute arbitrar...
CVE-2022-37162
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event...
Cross site scripting
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event...
Claroline cross-site scripting vulnerability
Claroline is an open source learning management system from Claroline Open Source. A cross-site scripting (XSS) vulnerability exists in Claroline version 13.5.7 and prior versions. The vulnerability can be exploited to obtain javascrip...
CVE-2022-30690
A cross-site scripting (XSS) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...