
5077 matches found

CNNVD
added 2021/12/02 12:00 a.m. | 4 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability

IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.009
Exploits: 0 | References: 5

BDU FSTEC
added 2021/12/01 12:00 a.m. | 2 views

The vulnerability of the BBCode parser in the vBulletin commercial web forum, related to the lack of protection for the website structure, allows a violator to execute arbitrary JavaScript.

The vulnerability of the BBCode parser in the vBulletin commercial web forum is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript by injecting code into messages using embedded BBCodes...

CVSS: 9 | AI score: 5.9
Exploits: 0 | References: 3

Veracode
added 2021/11/30 3:20 p.m. | 17 views

Cross Site Scripting (XSS)

@backstage/plugin-auth-backend is vulnerable to Cross Site Scripting. The vulnerability exists in makeCreateEnv of index.ts because the code doesn't enable authorization which allows an attacker to inject and execute arbitrary javascript...

CVSS: 7.4 | AI score: 3.3 | EPSS: 0.00656
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2021/11/30 11:28 a.m. | 24 views

CVE-2021-42119 Stored XSS in Search Function in TopEase

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...

CVSS: 7.3 | AI score: 7.1 | EPSS: 0.00513
Exploits: 0 | References: 1

OSV
added 2021/11/23 8:15 p.m. | 1 view

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00566
Exploits: 0 | References: 1

NVD
added 2021/11/23 8:15 p.m. | 10 views

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVSS: 5.4 | EPSS: 0.00566
Exploits: 0 | References: 1

CVE
added 2021/11/23 8:00 p.m. | 39 views

CVE-2021-36332

CVE-2021-36332 affects Dell EMC CloudLink 7.1 and earlier. The issue is a HTML/JavaScript injection (input validation) vulnerability that could be exploited remotely by a low-privilege attacker to redirect end users to arbitrary or malicious websites. Multiple connected sources corroborate the vu...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00566
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/23 8:00 p.m. | 14 views

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00566
Exploits: 0 | References: 1

Veracode
added 2021/11/23 3:58 a.m. | 18 views

Cross-site Scripting (XSS)

plupload is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the file.name field as it does not properly encode the user input file name...

CVSS: 6.1 | AI score: 1.9 | EPSS: 0.00813
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2021/11/18 6:26 a.m. | 35 views

Cross-Site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the Advanced Content Filter (ACF) module which allows an attacker to inject maliciously crafted HTML containing Javascript code...

CVSS: 8.2 | AI score: 1.4 | EPSS: 0.01257
Exploits: 0 | References: 10 | Affected Software: 2

OSV
added 2021/11/15 10:15 a.m. | 1 view

CVE-2021-42838

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.0061
Exploits: 0 | References: 1

Prion
added 2021/11/15 10:15 a.m. | 10 views

Cross site scripting

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.0061
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2021/11/15 12:00 a.m. | 4 views

XinXueYing Info webopac7 Cross-Site Scripting Vulnerability

XinXueYing Info Webopac7 is an online public access catalog of China XinXueYing Info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability exists in XinXueYing Info webopac7, which originates from a book search field parameter that does not...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0061
Exploits: 0 | References: 2

Packet Storm
added 2021/11/15 12:00 a.m. | 291 views

PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

AI score: 7.1
Exploits: 0

Veracode
added 2021/11/11 7:28 a.m. | 17 views

Cross-site Scripting (XSS)

graphql-playground-react is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in Properties.html allowing an attacker to inject and execute malicious javascript...

CVSS: 5.4 | AI score: 2.7 | EPSS: 0.00493
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2021/11/10 1:04 p.m. | 23 views

Cross-site Scripting (XSS)

grafana is vulnerable to cross-site scripting attacks. The vulnerability exists due to a lack of sanitization of the URL, allowing a malicious attacker to inject and execute arbitrary javascript...

CVSS: 6.9 | AI score: 3.2 | EPSS: 0.84607
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2021/11/10 12:00 a.m. | 3 views

Publify Cross-Site Scripting Vulnerability

Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions v8.0 through v9.2.4, which can be exploited by attackers to inject malicious JavaScript via an uploaded html file...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00578
Exploits: 0 | References: 3

CNNVD
added 2021/11/10 12:00 a.m. | 3 views

Publify Cross-Site Scripting Vulnerability

Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions v8.0 through v9.2.4, which can be exploited by an attacker to insert and execute arbitrary JavaScript code during page/post creation...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00578
Exploits: 0 | References: 3

NVD
added 2021/11/09 11:15 p.m. | 20 views

CVE-2021-35488

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined&title=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...

CVSS: 6.1 | EPSS: 0.02628
Exploits: 1 | References: 2

Prion
added 2021/11/09 11:15 p.m. | 15 views

Cross site scripting

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined&title=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.02628
Exploits: 1 | References: 2 | Affected Software: 1