5956 matches found
Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability
Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system from Mitsubishi Electric of Japan. Mitsubishi Electric MC Works64 suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output. An attacker could exploi...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited to run JavaScript in the context of the...
The vulnerability in the isolated iframe environment of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, allows an attacker to bypass the isolated JavaScript iframe environment and execute arbitrary JavaScript code in a random window.
The vulnerability in the isolated iframe environment of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, relates to exploiting security restrictions during the execution of XSLT transformations using iframe-based environments. Exploiting this vulnerability allows an attacke...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Modern Events Calendar Lite plugin in versions prior to 6.2.0 suffers from a cross-site scripting...
Cross-site Scripting (XSS) - Stored in crater-invoice/crater
Description: There is a vulnerability in the upload avatar functionality of crater invoice which would allow an attacker to upload malicious .SVG files in order to execute JavaScript. All that is required is that the victim browses to the link location of the .SVG file. Proof of Concept: xss.svg:...
CVE-2022-22112
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...
Caldera Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in version 2.8.1 of Caldera, a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices, which stems from a lack of effective filtering and escaping of user-submitted paramete...
Mozilla Firefox Security Feature Issue Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security feature issue vulnerability exists in Mozilla Firefox due to an error in the implementation of the iframe sandbox when processing XSLT markup. A remote attacker can bypass the iframe sandbox and execute...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki, which stems from a failure of the...
CVE-2022-21662 Stored XSS in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...
PT-2022-1813 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified. Description: The issue is related to insufficient access controls in Microsoft Edge, allowing a remote attacker to elevate privileges in the system. This can enable the execution o...
CVE-2022-22116
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary JavaScript code which will be executed in a victim’s browser when they open the image...
Debian DLA-2874-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress CRM Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.1.7, which ste...
DEBIAN-CVE-2021-43861
Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 t...
UBUNTU-CVE-2021-43861
Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code on diagram readers' machines. Users should upgrade to version 8.13.8 t...
Mermaid Security Vulnerability
Mermaid is a software application for creating charts and visualizations using text and code. A security vulnerability exists in versions prior to Mermaid 8.13.8, which can be exploited by an attacker to run JavaScript code via a malicious chart on the machine reading the chart...
PT-2021-23984 · Mermaid · Mermaid
Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to 8.13.8. Description: Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Malicious diagrams can run javascript...