TinyFileManager 安全漏洞

TinyFileManager is a web-based file manager. It is used for storing, uploading, editing and managing files and folders online via a web browser. A security vulnerability exists in TinyFileManager version v2.4.7, which stems from a stored cross-site scripting vulnerability that could lead to the...

OpenEMR 安全漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR versions prior to 7.0.3.4, which stems...

CVE-2022-23013

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

CVE-2022-41349

In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

CVE-2022-41350

In Zimbra Collaboration Suite ZCS 8.8.15, /h/search?action=voicemail=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...

CVE-2022-41311

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

CVE-2022-1584

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim...

CVE-2022-1530

Cross-site Scripting XSS in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application...

CVE-2022-41312

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

CVE-2022-41313

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

CVE-2022-30557

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution...

CVE-2022-1719

Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page...

CVE-2022-24708

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVE-2022-44012

An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...

CVE-2022-46870

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported...

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

CVE-2021-43842

Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute...

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...