5960 matches found

Vulnrichment
added 2022/06/25 7:5 a.m., 7 views

CVE-2022-29168 Cross Site Scripting in Wire Messages

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...

CVSS 9.6, AI score 9.3, EPSS 0.00777
Exploits 0, References 1
CNNVD
added 2022/06/25 12:0 a.m., 9 views

Wire Cross-Site Scripting Vulnerability

Wire is chat software from the German company Wire. The software supports the Web, Windows, iOS, Android, and OS X platforms, has group functionality, and can make voice calls, send photos, and send PING, its original greeting method. Wire has a cross-site scripting vulnerability that stems from insufficient...

CVSS 9.6, AI score 5.6, EPSS 0.00777
Exploits 0, References 2
Prion
added 2022/06/24 5:15 p.m., 13 views

Cross site scripting

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, filedownload.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...

CVSS 3.5, AI score 5.3, EPSS 0.0088
Exploits 1, References 3, Affected Software 1
CNNVD
added 2022/06/24 12:0 a.m., 4 views

MantisBT Cross-Site Scripting Vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.25.5, which originated from a...

CVSS 5.4, AI score 5.6, EPSS 0.0088
Exploits 1, References 4
CNNVD
added 2022/06/24 12:0 a.m., 3 views

Online Student Rate System Cross-Site Scripting Vulnerability

Online Student Rate System is an online grading system for students. v1.0 of the Online Student Rate System is vulnerable to a cross-site scripting vulnerability that stems from a lack of validation filtering of user-supplied data and output data in the page parameter of the index.php file. An...

CVSS 6.1, AI score 5.6, EPSS 0.01252
Exploits 1, References 2
CNNVD
added 2022/06/24 12:0 a.m., 10 views

Rails Cross-Site Scripting Vulnerability

Rails is an open source web application framework based on the Ruby language, from the Rails team. Rails suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can exploit the vulnerability to...

CVSS 6.1, AI score 5.7, EPSS 0.2914
Exploits 1, References 11
CNNVD
added 2022/06/23 12:0 a.m., 3 views

Jenkins Cross-Site Scripting Vulnerability

Jenkins is an open source application from Jenkins. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...

CVSS 5.4, AI score 5.9, EPSS 0.01351
Exploits 0, References 3
CNNVD
added 2022/06/23 12:0 a.m., 3 views

74cms Cross-Site Scripting Vulnerability

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...

CVSS 6.1, AI score 5.7, EPSS 0.00617
Exploits 1, References 2
CNNVD
added 2022/06/23 12:0 a.m., 2 views

Jfinal CMS Cross-Site Scripting Vulnerability

Jfinal CMS is a powerful information consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, mysql as the database, and the bootstrap framework for the front end. A cross-site scripting vulnerability exists in Jfinal CMS v5.1.0; the...

CVSS 5.4, AI score 5.6, EPSS 0.00475
Exploits 1, References 2
BDU FSTEC
added 2022/06/23 12:0 a.m., 4 views

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition, related to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVSS 7.7, AI score 6.2, EPSS 0.06334
Exploits 0, References 7, Affected Software 1
CVE
added 2022/06/22 6:21 p.m., 100 views

CVE-2021-41432

FlatPress 1.2.1 contains a stored XSS vulnerability that allows arbitrary JavaScript execution via blog content. Affected component is the blog content handler; the root cause is improper sanitization of content leading to stored payloads. Impact could include credential theft via cookie access, ...

CVSS 5.4, AI score 5.4, EPSS 0.01675
Exploits 2, References 1, Affected Software 1
CNNVD
added 2022/06/22 12:0 a.m., 4 views

Jenkins Plugin Sauce OnDemand Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...

CVSS 5.4, AI score 5.7, EPSS 0.00602
Exploits 0, References 4
CNNVD
added 2022/06/21 12:0 a.m., 2 views

Unioncms Cross-Site Scripting Vulnerability

Unioncms is a content management system of China Union Capital Network Technology Unioncms Company. Unioncms v1.0.13 has a cross-site scripting vulnerability; an attacker can exploit the vulnerability to execute JavaScript code in the client...

CVSS 5.4, AI score 5.3, EPSS 0.00404
Exploits 1, References 3
CNNVD
added 2022/06/21 12:0 a.m., 2 views

IdeaLMS Cross-Site Scripting Vulnerability

IdeaLMS is an educational and learning management software from Idea. A cross-site scripting vulnerability exists in Idea IdeaLMS version 2022, which can be exploited by an attacker to execute JavaScript code on the client side...

CVSS 6.1, AI score 5.6, EPSS 0.0069
Exploits 1, References 3
Tenable Nessus
added 2022/06/21 12:0 a.m., 175 views

Foxit PhantomPDF < 10.1.8 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 10.1.8. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...

CVSS 7.8, AI score 4.9, EPSS 0.0412
Exploits 1, References 18
CNNVD
added 2022/06/20 12:0 a.m., 4 views

WordPress plugin Ocean Extra Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Ocean Extra plugin prior to 1.9.5, which stem...

CVSS 6.1, AI score 5.7, EPSS 0.01355
Exploits 2, References 2
CNNVD
added 2022/06/17 12:0 a.m., 3 views

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition Cross-Site Scripting Vulnerability

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition is a modern multi-platform workload automation solution from ASG technologies, Inc. A cross-site scripting vulnerability exists in ASG technologies ASG-Zena Cross Platform Server Enterprise Edition version 4.2.1, which stems from...

CVSS 6.1, AI score 5.6, EPSS 0.0145
Exploits 3, References 4
OSV
added 2022/06/16 5:15 p.m., 3 views

CVE-2021-41420

A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel...

CVSS 5.4, AI score 6.5, EPSS 0.00684
Exploits 1, References 2
Cvelist
added 2022/06/16 4:43 p.m., 12 views

CVE-2021-41420

A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel...

AI score 5.8, EPSS 0.00684
Exploits 1, References 2
CNNVD
added 2022/06/15 12:0 a.m., 3 views

WordPress plugin Promotion Slider Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Promotion Slider plugin 3.3.4 and earlier versions contain a cross-site scripting...

CVSS 5.4, AI score 5.4, EPSS 0.00512
Exploits 0, References 3