5077 matches found

Prion
added 2021/09/21 9:15 p.m. · 17 views

Cross site scripting

jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...

CVSS 3.5 · AI score 5.4 · EPSS 0.01027
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2021/09/20 12:0 a.m. · 1 views

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI cross-site scripting vulnerability

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

CVSS 5.4 · AI score 5.8 · EPSS 0.00522
Exploits: 0 · References: 3

Hacker One
added 2021/09/18 1:11 p.m. · 9 views

Basecamp: com.basecamp.bc3 Webview Javascript Injection and JS bridge takeover

It was identified that the android com.basecamp.bc3 application, contains a Webview where the loaded URLs are not sanitised properly. As this webview's functionality is extended via javascript interfaces and has the javascript enabled it is possible to inject arbitrary javascript code which will ...

AI score 0.6
Exploits: 0

0day.today
added 2021/09/15 12:0 a.m. · 689 views

DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting Exploit

DMA Softlab Radius Manager version 4.4.0 chained exploit written in go that exploits session management and cross site scripting vulnerabilities. package main import "github.com/gorilla/mux" "fmt" "net/http" "net/url" "flag" "strings" "io/ioutil" "log" / should be able to: 1. Inject javascript in...

CVSS 9.8 · AI score 0.1 · EPSS 0.03205
Exploits: 4

Packet Storm
added 2021/09/14 12:0 a.m. · 253 views

DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting

package main import "github.com/gorilla/mux" "fmt" "net/http" "net/url" "flag" "strings" "io/ioutil" "log" / should be able to: 1. Inject javascript into vulnerable fields. This will capture session cookies of users with higher privileges. 2. Send the captured session cookie to a server we control...

CVSS 9.8 · AI score 0.1 · EPSS 0.03205
Exploits: 4

Prion
added 2021/09/08 11:15 a.m. · 13 views

Cross site scripting

SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application...

CVSS 3.5 · AI score 5.4 · EPSS 0.00451
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/09/08 12:0 a.m. · 4 views

Smartertools SmarterTools SmarterMail cross-site scripting vulnerability

Smartertools SmarterTools SmarterMail is a set of mail server software from SmarterTools Smartertools, USA. The program supports spam filtering, statistics, simple mail transfer protocol SMTP authentication and other features. A security vulnerability exists in SmarterTools SmarterMail versions...

CVSS 5.4 · AI score 5.7 · EPSS 0.00451
Exploits: 0 · References: 1

OSV
added 2021/09/01 6:40 p.m. · 19 views

GHSA-86PV-95MJ-7W5F Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

CVSS 8.2 · AI score 7.3 · EPSS 0.00677
Exploits: 0 · References: 5

NVD
added 2021/08/31 11:15 a.m. · 11 views

CVE-2021-34562

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...

CVSS 6.1 · EPSS 0.00562
Exploits: 0 · References: 1

CVE
added 2021/08/31 10:32 a.m. · 46 views

CVE-2021-34562

CVE-2021-34562 affects Pepperl+Fuchs WirelessHART-Gateway, notably versions 3.0.7–3.0.9 (3.0.8 highlighted). The vulnerability allows injection of arbitrary JavaScript into the application’s response (a cross-site scripting-type issue) as described in the ICSA advisory and CVE records. The primar...

CVSS 6.1 · AI score 6.2 · EPSS 0.00562
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/31 10:32 a.m. · 13 views

CVE-2021-34562 A vulnerability in WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response...

CVSS 5.4 · AI score 6.5 · EPSS 0.00562
Exploits: 0 · References: 1

CNNVD
added 2021/08/31 12:0 a.m. · 2 views

Pepperl Fuchs WirelessHART-Gateway cross-site scripting vulnerability

The Pepperl Fuchs WirelessHART-Gateway is a gateway device from Pepperl Fuchs, Germany. A cross-site scripting vulnerability exists in Pepperl Fuchs WirelessHART-Gateway version 3.0.8, which can be exploited by an attacker to inject arbitrary JavaScript into an application response...

CVSS 6.1 · AI score 6.1 · EPSS 0.00562
Exploits: 0 · References: 4

Positive Technologies
added 2021/08/31 12:0 a.m. · 3 views

PT-2021-20547 · Pepperl+Fuchs · Wirelesshart Gateway

Name of the Vulnerable Software and Affected Versions: PEPPERL+FUCHS WirelessHART-Gateway version 3.0.8 Description: The issue allows for the injection of arbitrary JavaScript into the application's response. Recommendations: For PEPPERL+FUCHS WirelessHART-Gateway version 3.0.8, consider disablin...

CVSS 6.1 · AI score 6.4 · EPSS 0.00562
Exploits: 0 · References: 3

CVE
added 2021/08/30 8:40 p.m. · 53 views

CVE-2021-39175

HedgeDoc prior to version 1.9.0 is vulnerable to cross-site scripting in the slide-mode speaker-notes. An unauthenticated attacker can inject arbitrary JavaScript by embedding an iframe hosting malicious code into the slides or by embedding the HedgeDoc instance into another page. The issue is fi...

CVSS 8.1 · AI score 6.7 · EPSS 0.00582
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2021/08/30 4:15 p.m. · 11 views

CVE-2021-27910

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and execute...

CVSS 8.2 · EPSS 0.00677
Exploits: 0 · References: 1

OSV
added 2021/08/30 4:15 p.m. · 18 views

CVE-2021-27910

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and execute...

CVSS 6.1 · AI score 6.7
Exploits: 0 · References: 1

Prion
added 2021/08/30 4:15 p.m. · 13 views

Design/Logic Flaw

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and execute...

CVSS 4.3 · AI score 6.6 · EPSS 0.00677
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/08/30 3:55 p.m. · 14 views

CVE-2021-27910 Stored XSS vulnerability on Bounce Management Callback

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and execute...

CVSS 8.2 · AI score 8.6 · EPSS 0.00677
Exploits: 0 · References: 1

CVE
added 2021/08/30 3:55 p.m. · 75 views

CVE-2021-27910

CVE-2021-27910 describes a stored XSS in Mautic via the bounce management callback. The vulnerability arises from insufficient sanitization of the POST parameters error and error_related_to in the callback endpoint (POST /mailer//callback). An attacker with access to the callback can inject arbit...

CVSS 8.2 · AI score 6.9 · EPSS 0.00677
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/08/30 12:0 a.m. · 3 views

Atlassian Jira cross-site scripting vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in the Editor plug-in for Atlassian Jira Server and Data Center versions prior to 8.5.18, 8.6.0 ...

CVSS 6.1 · AI score 6.4 · EPSS 0.00946
Exploits: 0 · References: 1