5077 matches found
SuiteCRM Cross-Site Scripting Vulnerability (CNVD-2021-33995)
SuiteCRM is a free open source customer relationship management application. A cross-site scripting vulnerability exists in the customer account page of SuiteCRM versions prior to 7.11.19. An attacker can exploit the vulnerability to inject JavaScript via the name field...
CVE-2021-30172
Special characters in users’ input are not filtered on the picture preview page of the Quan-Fang-Wei-Tong-Xun system, which allows remote authenticated attackers to inject malicious JavaScript and carry out reflected XSS (cross-site scripting) attacks, and additionally access and manipulate customer’s...
CVE-2021-30170
Special characters in users’ input are not filtered on the ERP POS customer profile page, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (cross-site scripting) attacks, and additionally access and manipulate customer’s information...
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in admin global setting parameters...
XSS in fieldID - CVE-2021-26079
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability. Affected...
Fork CMS Cross-Site Scripting Vulnerability (CNVD-2021-34510)
Fork is an easy-to-use, open source CMS built on Symfony components. A persistent cross-site scripting vulnerability exists in Fork CMS version 5.8.2. The vulnerability can be exploited to inject arbitrary JavaScript code via the navigationtitle and title parameters in /private/en/pages/add...
IBM Control Desk Cross-Site Scripting Vulnerability
IBM Control Desk is an application from IBM (USA) that provides automated service management and seamlessly integrated, best-practice-based service desk functionality. IBM Smart Cloud Control Desk suffers from a cross-site scripting vulnerability that originates from allowing a user to embed arbitrary JavaScrip...
Junghwa Technology ERP POS Cross-Site Scripting Vulnerability
Junghwa Technology ERP POS System is application software from Junghwa Technology Co. of China, used for ERP management. ERP POS suffers from a cross-site scripting vulnerability that originates from special characters on the customer profile page not being filtered during user input, which...
Atlassian Confluence Server Cross-Site Scripting Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software, with enterprise knowledge management capabilities and support for building enterprise wikis. A cross-site scripting vulnerability exists in Confluence Server versions prior to 7.11.0 that...
Fork CMS Cross-Site Scripting Vulnerability
Fork is an easy-to-use, open source CMS built on Symfony components. A persistent cross-site scripting vulnerability exists in Fork CMS version 5.8.2. The vulnerability can be exploited to inject arbitrary JavaScript code via the navigationtitle and title parameters in /private/en/pages/add...
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call getcartitems via photocratiajax, after which the settingsshippingaddressname is able to inject malicious JavaScript...
Cross-site Scripting (XSS) - Reflected in blockonomics/woocommerce-plugin
Description: Reflected JavaScript injection vulnerabilities exist when web applications take parameters from the URL and display them on a page. Reflection vulnerabilities occur when a website outputs a variable from the webpage URL directly to the page, such as in a PHP application that accepts...
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
Cross site scripting
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
CVE-2021-31792
CVE-2021-31792 affects SuiteCRM versions prior to 7.11.19. The vulnerability is a cross-site scripting flaw in the client account page that allows an attacker to inject JavaScript via the name field. No exploit specifics are provided beyond this description in the sources. Remediation per PT-Secu...
PT-2021-19509 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.19. Description: The issue allows an attacker to inject JavaScript via the name field in the client account page, potentially leading to code execution. Recommendations: For versions prior to 7.11.19, update to...
SuiteCRM Cross-Site Scripting Vulnerability
SuiteCRM is a free open source customer relationship management application. A cross-site scripting vulnerability exists in the customer account page of SuiteCRM versions prior to 7.11.19. An attacker can exploit the vulnerability to inject JavaScript via the name field...
CVE-2021-22331
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...