Atlassian JIRA Server 跨站脚本漏洞

Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing various types of problems and defects in work. A cross-site scripting vulnerability exists in Atlassian JIRA Server, which can be...

CVE-2021-34817

CVE-2021-34817 is a documented XSS in Etherpad 1.8.13 where the chat message userId is rendered into HTML without escaping, enabling a crafted pad import to execute arbitrary JavaScript in an admin’s browser. The SonarSource write-up confirms the root cause is an unescaped userId in the chat fron...

Cross-Site Scripting (XSS)

stacktable.js is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via several elements.,...

IBM Cloud Pak for Automation 跨站脚本漏洞

IBM Cloud Pak for Automation is an intelligent software platform used to build automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build, and run automation applications and services on any cloud.A...

pfSense 跨站脚本漏洞

pfSense is a set of network firewalls based on FreeBSD Linux. A cross-site scripting vulnerability exists in Netgate pfSense, which allows an attacker to inject malicious JavaScript code into a description text box or parameter...

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-48984)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.36, which stems from a privileged user with Rewards...

IrisNext 跨站脚本漏洞

IRIS IrisNext is a document management solution from IRIS Luxembourg designed to manage, protect and use your company's information. A security vulnerability exists in IrisNext that allows an authenticated or threatened user to inject malicious JavaScript into the application's folder filenames t...

CVE-2021-35208

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...

Security Bulletin: Using XSS attack, an attacker may inject Javascript code by modifying input fields in Datacap Navigator

Summary Using XSS attack, an attacker may inject Javascript code by modifying input fields in Datacap Navigator. Vulnerability Details CVEID: CVE-2020-4935 DESCRIPTION: IBM Datacap Fastdoc Capture is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...

Zimbra Collaboration Suite跨站脚本漏洞

Zimbra Collaboration Suite ZCS is a collaboration software suite that includes an email server and web client. A cross-site scripting vulnerability exists in the login component of the web client for Zimbra Collaboration Suite. An attacker could exploit this vulnerability by adding executable...

Zimbra Collaboration Suite跨站脚本漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in versions prior to Zimbra Collaboration Suite 8.8.15 Patch 23, which can be exploited by an attacker to place HT...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.36 that stems from a privileged user being able to inject...

Cross site scripting

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949...

IBM Planning Analytics 跨站脚本漏洞

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics Local, which stems from a...

Cross-Site Scripting (XSS)

jfinal is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the set method of the Controller class...

WordPress WP Google Maps plugin cross-site scripting vulnerability (CNVD-2021-49141)

WordPress is a set of open source blogging platforms developed using the PHP language by the WordPress Foundation. A stored cross-site scripting vulnerability exists in the WordPress WP Google Maps plugin. An attacker can exploit this vulnerability to execute client-side code by injecting...

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description The questionary section of livehelperchat can be modified listing new question . However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️‍♂️ Proof of Concept Install the livechat Go on...

CVE-2021-32536 MCU Technologies MCUsystem - Reflected XSS

The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks...

CVE-2021-32536

Summary: CVE-2021-32536 affects the MCUsystem login page, where input is not filtered for special characters. This allows a remote attacker to inject JavaScript and perform a reflected XSS attack. The vulnerability is described across several sources (NVD, CVE list) as a login-page input validati...

Fiyo CMS Cross-Site Scripting Vulnerability (CNVD-2021-45303)

Fiyo CMS is a content management system and software that allows users to add and/or manipulate change website content. A cross-site scripting vulnerability exists in the tag parameter in Fiyo CMS version 2.0.6.1. An attacker can exploit this vulnerability to add html/JavaScript to html code...