5077 matches found
CVE-2021-21259
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...
Authentication flaw
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...
CVE-2021-21259
CVE-2021-21259 affects HedgeDoc before version 1.7.2, where an attacker could inject arbitrary JavaScript into a note that is executed when viewed in slide mode. Depending on instance configuration, authentication may not be required to create or edit notes. The issue is fixed in HedgeDoc 1.7.2; ...
CVE-2021-22849
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack...
CVE-2021-22849
CVE-2021-22849 affects Hyweb HyCMS-J1; the backend editing function does not filter special characters, enabling stored XSS where logged-in users can inject JavaScript. Root cause: insufficient input sanitization on editing payloads. Documented impact includes stored XSS risk with potential parti...
Hedgedoc Cross-Site Scripting Vulnerability
Hedgedoc is a JavaScript-based Markdown document real-time editing and sharing platform by the Hedgedoc team. A cross-site scripting vulnerability exists in versions prior to HedgeDoc 1.7.2, which can be exploited by attackers to inject arbitrary JavaScript...
Hyweb HyCMS-J Cross-Site Scripting Vulnerability
Hyweb HyCMS-J1 is a text management system from the Chinese company Hyweb. Hyweb HyCMS-J1 suffers from a cross-site scripting vulnerability that stems from the back-end editing function not filtering special characters. An attacker can exploit this vulnerability to inject JavaScript syntax to...
U.S. Dept Of Defense: Stored XSS at https://www.█████████.mil
Summary: Stored XSS exists at https://www.██████.mil. A user can fill out the form and upload a file containing javascript code to trigger XSS. Description: Stored XSS exists at https://www.████.mil. A user can fill out the form and upload a file containing javascript code to trigger XSS. Impact ...
Cross site scripting
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the posttitle parameter...
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the posttitle parameter...
Opentext Carbonite Cross-Site Scripting Vulnerability
OpenText develops and markets Enterprise Information Management (EIM) software. A cross-site scripting vulnerability exists in OpenText Carbonite Server Backup Portal 8.8.7 and earlier versions, which originates from a failure to effectively filter user input at policy creation, allowing an...
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-03016)
IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management, with broad coverage of all aspects from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability
IBM Engineering Requirements Quality Assistant uses AI to help you improve requirements quality from the authoring source. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker could exploit the vulnerability to embed arbitrary JavaScript code ...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability (CNVD-2021-02621)
IBM Engineering Requirements Quality Assistant uses AI to help you improve requirements quality from the authoring source. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker could exploit the vulnerability to embed arbitrary JavaScript code ...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03014)
IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
Cross site scripting
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127...
HGiga MailSherlock Cross-Site Scripting Vulnerability (CNVD-2021-06947)
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock failing to properly validate specific URL parameters. An attacker can exploit...
HGiga MailSherlock Cross-Site Scripting Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock not validating user parameters on multiple login pages. An attacker can explo...