5079 matches found

CVE
added 2022/03/17 5:20 a.m. | 89 views

CVE-2022-24072

The CVE-2022-24072 entry applies to Naver Whale Browser, with affected versions before 3.12.129.18. The root cause is improper data handling in the devtools API (devtools.inspectedWindow), allowing potentially attacker-controlled JavaScript execution within the extension store web page. Consequen...

CVSS 6.1 | AI score 6.2 | EPSS 0.00557
Exploits: 0 | References: 1 | Affected Software: 1

0day.today
added 2022/03/15 12:0 a.m. | 1046 views

WordPress Core 5.9.0 / 5.9.1 Cross Site Scripting Vulnerability

Contributor+ Stored Cross Site Scripting Vulnerability; Description: Contributor+ Stored XSS; Affected Versions: WordPress Core 5.9.0-5.9.1; CVE ID: Pending; CVSS Score: 8.0 High; CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; Fully Patched Version: 5.9.2; Researcher/s: Ben Bidner WordPress...

CVSS 8.8 | AI score 8.8 | EPSS 0.04186
Exploits: 2

CNNVD
added 2022/03/15 12:0 a.m. | 5 views

Atlassian Fisheye and Crucible Security Vulnerability

Atlassian Fisheye is a suite of source code deep viewing software. Atlassian Crucible is a suite of code review tools. A security vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.9, which can be exploited by an attacker to inject arbitrary HTML and/or JavaScript...

CVSS 6.1 | AI score 5.9 | EPSS 0.00703
Exploits: 0 | References: 4

OSV
added 2022/03/13 2:15 a.m. | 2 views

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 2

Prion
added 2022/03/13 2:15 a.m. | 11 views

Design/Logic Flaw

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

CVSS 3.5 | AI score 5.3 | EPSS 0.00576
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/03/13 1:18 a.m. | 16 views

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

AI score 5.6 | EPSS 0.00576
Exploits: 1 | References: 2

CNNVD
added 2022/03/11 12:0 a.m. | 4 views

GateManager Cross-Site Scripting Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager that allows a logged-in user to inject JavaScript during a browser session...

CVSS 6.1 | AI score 6.3 | EPSS 0.00476
Exploits: 0 | References: 2

Vulnrichment
added 2022/03/09 3:34 p.m. | 6 views

CVE-2022-24432 ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an...

CVSS 5.5 | AI score 5.2 | EPSS 0.00628
Exploits: 0 | References: 1

Vulnrichment
added 2022/03/09 3:33 p.m. | 7 views

CVE-2022-21146 ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history...

CVSS 6.3 | AI score 6 | EPSS 0.00871
Exploits: 0 | References: 1

Veracode
added 2022/03/07 6:7 a.m. | 18 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of the Title field in the setting.js file which allows an attacker to inject and execute malicious javascript...

CVSS 5.4 | AI score 2.5 | EPSS 0.6662
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2022/03/04 12:0 a.m. | 28 views

IPCOMM ipDIO Cross-Site Scripting Vulnerability (CNVD-2022-20535)

IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A cross-site scripting vulnerability exists in IPCOMM ipDIO that allows an unauthenticated, remote attacker to exploit the vulnerability to...

CVSS 6.3 | AI score 5.9 | EPSS 0.00871
Exploits: 0 | References: 1

ATTACKERKB
added 2022/03/03 10:15 p.m. | 4 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8 | AI score 5.9 | EPSS 0.00548
Exploits: 1 | References: 3

OSV
added 2022/03/03 10:15 p.m. | 3 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8 | AI score 5.9 | EPSS 0.00548
Exploits: 1 | References: 2

OSV
added 2022/03/03 10:15 p.m. | 3 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4 | AI score 6.1 | EPSS 0.00516
Exploits: 1 | References: 2

ATTACKERKB
added 2022/03/03 10:15 p.m. | 4 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4 | AI score 5.9 | EPSS 0.00516
Exploits: 1 | References: 3

Cvelist
added 2022/03/03 9:57 p.m. | 16 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

AI score 5.4 | EPSS 0.00548
Exploits: 1 | References: 2

CNNVD
added 2022/03/03 12:0 a.m. | 5 views

IPCOMM ipDIO Cross-Site Scripting Vulnerability

IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A cross-site scripting vulnerability exists in IPCOMM ipDIO that allows an unauthenticated, remote attacker to exploit the vulnerability to...

CVSS 6.3 | AI score 5.4 | EPSS 0.00871
Exploits: 0 | References: 4

Veracode
added 2022/03/02 4:2 a.m. | 24 views

Cross-site Scripting (XSS)

reveal.js is vulnerable to cross-site scripting. The onmessage event listener in speaker-view.html does not properly check the origin of postMessage before being rendered on the webpage, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 2.5 | EPSS 0.03679
Exploits: 1 | References: 4 | Affected Software: 1

Talos
added 2022/02/28 12:0 a.m. | 19 views

Lansweeper WebUserActions.aspx Stored XSS vulnerability

Summary: A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability. Tested...

CVSS 9.1 | AI score 5.4 | EPSS 0.77165
Exploits: 1

CNNVD
added 2022/02/27 12:0 a.m. | 4 views

Atlassian Jira Cross-Site Scripting Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira has a cross-site scripting vulnerability that can be exploited to inject arbitrary HTML or JavaScript...

CVSS 4.8 | AI score 5.3 | EPSS 0.00553
Exploits: 0 | References: 3