CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

Design/Logic Flaw

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

CVE-2021-22331

CVE-2021-22331 describes a JavaScript injection vulnerability in Huawei smartphones (notably P30) where a module does not adequately verify certain inputs. Affected P30 versions include 10.1.0.165 and earlier, and 11.x builds such as 11.0.0.118, 11.0.0.120, and 11.0.0.138 across multiple build id...

Sourcecodester Equipment Inventory System 跨站脚本漏洞

Sourcecodester Equipment Inventory System is a Sourcecodester open source application. It is used to organize and track its equipment. Sourcecodester Equipment Inventory System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary javascrip...

Huawei 多款产品 注入漏洞

Huawei P30 is a smartphone from Huawei China.The Huawei P30 is vulnerable to JavaScript injection, which can be exploited by attackers to launch JavaScript injection by sending malicious application requests...

Unspecified Vulnerability in Vaadin vaadin-server

Vaadin-server is a Vaadin open source application . A platform for rapid development of Web applications on the Java backend . A security vulnerability exists in vaadin-server versions 7.4.0 through 7.7.19, which can be exploited by an attacker to inject malicious JavaScript via an unspecified...

MintHCM Cross-Site Scripting Vulnerability

MINTHCM is a human resources management software developed by MINTHCM MintHCM A cross-site scripting vulnerability exists in version 3.0.8. The vulnerability stems from the Import feature that allows an attacker to perform cross-site scripting XSS loads in file uploads, which can be exploited by ...

cPanel cross-site scripting vulnerability (CNVD-2021-31749)

Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 94.0.3. The vulnerability stems from saving...

CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector...

CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector...

Design/Logic Flaw

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector...

CVE-2019-25028

CVE-2019-25028 describes a stored cross-site scripting (XSS) vulnerability in Vaadin's Grid component (com.vaadin:vaadin-server). Affected are Vaadin Server versions 7.4.0–7.7.19 and 8.0.0–8.8.4. An attacker could inject malicious JavaScript via an unspecified vector, with potential impact includ...

SUSE: Security Advisory (SUSE-SU-2018:1334-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-26812

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

Cross site scripting

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

Atlassian Jira Server & Data Center 跨站脚本漏洞

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a cross-site scripting vulnerability th...

Cross-Site Scripting (XSS)

sickrage is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser due to lack input validation and output sanitization...

Echel0n SiCKRAGE 跨站脚本漏洞

SickRage is an automated video library manager for TV programs. A stored cross-site scripting vulnerability exists in SiCKRAGE version 4.2.0 - 10.0.11.dev1. The vulnerability stems from the server processing user input without properly validating user input. An attacker can exploit the...

IBM Jazz Team Server 跨站脚本漏洞

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...