5080 matches found
CVE-2022-39027
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack...
CVE-2022-39025
U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack...
Cross site scripting
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack...
Cross site scripting
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack...
CVE-2022-40739 Ragic, Inc. Ragic - Reflected XSS
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform an XSS (Reflected Cross-Site Scripting) attack...
CVE-2022-39027 e-Excellence Inc. U-Office Force - Stored XSS
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack...
CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack...
CVE-2022-39025 e-Excellence Inc. U-Office Force - Reflected XSS
U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform an XSS (Reflected Cross-Site Scripting) attack...
PT-2022-24680 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office (affected versions not specified). Description: The issue is related to insufficient filtering for special characters in the Force Bulletin function, allowing an unauthenticated remote attacker to inject JavaScript and perform a Reflect...
Ragic Cross-Site Scripting Vulnerability
Ragic is a No Code enterprise e-enablement tool from China Immediate Technology Ragic. A cross-site scripting vulnerability exists in versions of Ragic prior to 2022/06/28, which stems from insufficient filtering of special characters on the report generation page and can be exploited by a remote...
PT-2022-26020 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier. Description: The issue allows a remote attacker to inject JavaScript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...
Forma Learning Management System Cross-Site Scripting Vulnerability
Forma Learning Management System (LMS) is a learning management system (LMS). A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions, which originated from a vulnerability that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...
M-Files Hubshare Injection Vulnerability
M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in M-Files Hubshare versions prior to 3.3.10.9, which stems from a vulnerability in its PDFtron that allows an authenticated...
e-Excellence U-Office Force Cross-Site Scripting Vulnerability
e-Excellence U-Office Force is an e-Office platform from China's First Class Technology e-Excellence. U-Office Force suffers from a cross-site scripting vulnerability that stems from insufficient filtering of special characters in its Forum feature, which allows an unauthenticated, remote attacke...
e-Excellence U-Office Force Cross-Site Scripting Vulnerability
e-Excellence U-Office Force is an e-Office platform from China's First Class Technology e-Excellence. U-Office Force suffers from a cross-site scripting vulnerability that stems from insufficient filtering of special characters in its Bulletin feature, which allows an unauthenticated, remote...
PT-2022-24672 · Pdftron Systems +1 · Pdftron +1
Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.10.9. Description: The issue allows authenticated attackers to perform an account takeover via a crafted PDF upload, exploiting a JavaScript injection in PDFtron. Recommendations: For versions prior to...
CVE-2022-40184
Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option...
CVE-2022-36783 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)
AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on...
Hospital Management System Cross-Site Scripting Vulnerability
Hospital Management System (HMS) is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. Hospital Management System v4.0 contains a cross-site scripting vulnerability that originates in the view-patient.php and...