Hedgedoc 跨站脚本漏洞

HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page...

Atlassian Jira 跨站脚本漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center versions prior to 8.18.0, which originates from...

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

Hardcoded credentials

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

CVE-2020-14161

CVE-2020-14161 affects Gotenberg and is exploited as a Server-Side Request Forgery (SSRF) via the /convert/html endpoint. The root cause is insecure handling of the src in HTML elements, enabling an attacker to reference internal files (e.g., file:// URIs) through the chromium module used by the ...

SuiteCRM 跨站脚本漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. A security vulnerability in the web interface of SuiteCRM before 7.11.19 allows remote attackers to upload malicious files by bypassing content type filters and introducing arbitrary JavaScript...

CVE-2021-38708

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS...

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

Cross site scripting

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

CVE-2021-38708

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS...

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

Ocproducts Composr CMS 跨站脚本漏洞

Ocproducts Composr CMS is an open source content management system CMS written in PHP by ocProducts Ocproducts UK. A security vulnerability exists in ocProducts Composr CMS versions prior to 10.0.38, which can be exploited by attackers to inject JavaScript via Comcode...

IBM Jazz Foundation 跨站脚本漏洞

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies from IBM. IBM Jazz Foundation has a cross-site scripting vulnerability that could allow a remote attacker to embed arbitrary JavaScript code in the Web UI to alter the intended functionality,...

CVE-2021-21442

In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19...

IBM Sterling B2B Integrator 跨站脚本漏洞

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs.IBM Sterling B2B Integrator is vulnerable to a cross-site scripting vulnerability that could be exploited by an attacker to embed arbitrary JavaScript...

CVE-2021-37470

In NCH WebDictate v2.13, persistent Cross Site Scripting XSS exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...

CVE-2021-26082

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability...