IBM Cloud Pak System Cross-Site Scripting Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. A cross-site scripting vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI that could...
CVE-2020-35740
HGiga MailSherlock does not validate specific URL parameters properly, which allows attackers to inject JavaScript syntax for XSS attacks...
Hardcoded credentials
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CVE-2020-35741 HGiga MailSherlock - XSS -2
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CVE-2020-35740 HGiga MailSherlock - XSS -1
HGiga MailSherlock does not validate specific URL parameters properly, which allows attackers to inject JavaScript syntax for XSS attacks...
MailSherlock Cross-Site Scripting Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock failing to properly validate specific URL parameters. An attacker can exploit...
Hedgedoc Cross-Site Scripting Vulnerability
HedgeDoc is a JavaScript-based Markdown document real-time editing and sharing platform by the HedgeDoc team. A security vulnerability exists in HedgeDoc versions prior to 1.7.1, which can be exploited to inject arbitrary "script" tags into HedgeDoc notes. Our content security policy prohibits...
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in...
ZZCMS Cross-Site Scripting Vulnerability
ZZCMS is the content management system of Webmaster Merchants. A cross-site scripting vulnerability exists in the user login page of zzcms 2019. An attacker can exploit this vulnerability by injecting JavaScript code through user/login.php via the Referer header...
CVE-2020-12517
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation)...
CVE-2020-35121
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...
OpenAsset Digital Asset Management XSS Injection Vulnerability
OpenAsset is digital asset management software for the website building industry from OpenAsset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...
Keysight Database Connector plugin code injection vulnerability
Bitbucket Keysight is a database connector plugin available for Atlassian products from the Bitbucket organization. A security vulnerability exists in the Keysight Database Connector plugin before 1.5.0, which originates from a malicious user being able to insert arbitrary JavaScript into saved...
Moodle 3.7.x < 3.7.8, 3.8.x < 3.8.5, 3.9.x < 3.9.2 Input Escape Vulnerability
Moodle is prone to an input escape vulnerability.
CVE-2020-25631
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8...
Design/Logic Flaw
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8...
CVE-2020-25631
CVE-2020-25631 affects Moodle prior to fixed versions: 3.9.2, 3.8.5, and 3.7.8 fix a cross-site scripting issue where JavaScript could be inserted into a book chapter title on the Add new chapter page for Moodle 3.9–3.9.1, 3.8–3.8.4, and 3.7–3.7.7. Affected releases should upgrade to the correspo...
WordPress EventON Calendar 3.0.5 Cross Site Scripting
Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...
Crafter CMS Cross-Site Scripting Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A cross-site scripting vulnerability exists in Crafter CMS Crafter Studio version 3.0.1, which allows an attacker to inject malicious JavaScript code, leading t...