5081 matches found
CVE-2021-36603
Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1"...
Tasmota cross-site scripting vulnerability
Tasmota is a replacement firmware for the ESP8266 with easy configuration using the webUI, OTA updates, automation using timers or rules, scalability, and full local control over MQTT, HTTP, serial or KNX. A security vulnerability exists in Tasmota firmware version 6.5.0 that could allow a remote...
PT-2023-12293 · Tasmota · Tasmota
Name of the Vulnerable Software and Affected Versions: Tasmota firmware version 6.5.0 Description: The issue allows remote attackers to inject JavaScript code via a crafted string in the Friendly Name 1 field. This enables Cross Site Scripting XSS attacks. Recommendations: For Tasmota firmware...
CVE-2021-36603
CVE-2021-36603 affects Tasmota firmware 6.5.0. An XSS flaw in the Friendly Name 1 field allows remote attackers to inject JavaScript via a crafted value, potentially compromising user browsers. Root cause: unsafe handling of user-supplied input in that field. Impact: described as XSS; no exploita...
CVE-2022-45911
An issue was discovered in Zimbra Collaboration ZCS 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not ge...
PT-2023-14792 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS version 9.0 Description: An issue was discovered in the Classic UI login page where XSS can occur by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which...
Zimbra Collaboration Server cross-site scripting vulnerability
Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server ZCS version 9.0, which stems from ...
Cross-site Scripting (XSS)
trafficserver is vulnerable to improper input validation. The library does not properly escape special characters before outputting them to the front end, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
keynote is vulnerable to cross-site scripting. The vulnerability exists because the attrstos function of rumble.rb does not properly escape the quotes in attributes, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting attacks. The vulnerability exists due to improper user-input sanitization in the sidebar component, which allows an attacker to inject and execute malicious JavaScript...
CVE-2022-4142
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high-privileged user such as an administrator to inject HTML or JavaScript to the plugin settings page,...
Cross-site Scripting (XSS)
microweber/microwebe is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization in the HTML elements, which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
smoothie is vulnerable to cross-site scripting. The vulnerability exists in multiple functions in smoothie.js because user inputs are not properly sanitized which allows an attacker to inject and execute arbitrary JavaScript...
PT-2022-27979 · Ibm · Ibm Urbancode Deploy
Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 6.2.0.0 through 6.2.7.18 IBM UrbanCode Deploy versions 7.0.5.0 through 7.0.5.13 IBM UrbanCode Deploy versions 7.1.0.0 through 7.1.2.9 IBM UrbanCode Deploy versions 7.2.0.0 through 7.2.3.2 IBM UrbanCode Deploy...
PT-2022-7382 · Ibm · Ibm Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance, Identity Manager version 10.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within...
CVE-2022-28703
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability...
Cross-Site Scripting (XSS)
collective.task is vulnerable to cross-site scripting. The vulnerability exists in the renderCell function of table.py due to missing escape columns which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
org.wso2.carbon.registry is vulnerable to cross-site scripting. The vulnerability exists due to lack of encoding request parameters in the library which allows an attacker to inject and execute malicious JavaScript...