5956 matches found

Tenable Nessus
added 2021/10/05 12:0 a.m. | 35 views

openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:1334-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1334-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...

CVSS 7.5 | AI score 6.3 | EPSS 0.01437
Exploits: 2 | References: 11

CNNVD
added 2021/10/04 12:0 a.m. | 5 views

IceHrm cross-site scripting vulnerability

IceHrm is a human resource management (HRM) system that includes features such as employee management, leave management, and payroll. The system includes functions such as employee management, leave management and payroll management. IceHrm has security vulnerabilities on several pages that could be...

CVSS 5.4 | AI score 6 | EPSS 0.0072
Exploits: 1 | References: 2

PyPA
added 2021/09/30 8:15 a.m. | 6 views

PYSEC-2021-350

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim browser. This vulnerability exists due to the error page contents not escaped...

CVSS 6.1 | AI score 6.5 | EPSS 0.00924
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2021/09/30 7:50 a.m. | 5 views

CVE-2021-25963 Shuup - Reflected XSS in Error Page

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary JavaScript code on a victim browser. This vulnerability exists due to the error page contents not escaped...

CVSS 6.1 | AI score 6.3 | EPSS 0.00924
Exploits: 0 | References: 2

Vulnrichment
added 2021/09/27 3:42 p.m. | 6 views

CVE-2021-40711 Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 5.4 | AI score 6.3 | EPSS 0.0144
Exploits: 0 | References: 1

Huntr
added 2021/09/20 4:54 a.m. | 11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description: Stored XSS in Content allows for the arbitrary execution of JavaScript. Proof of Concept: POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:93.0) Gecko/20100101 Firefox/93.0 Accept:...

AI score 0.6
Exploits: 0

OSV
added 2021/09/15 1:15 p.m. | 1 views

CVE-2021-39307

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...

CVSS 6.1 | AI score 6 | EPSS 0.0108
Exploits: 1 | References: 2

CNNVD
added 2021/09/15 12:0 a.m. | 4 views

PDFTron WebViewer cross-site scripting vulnerability

PDFTron WebViewer is a JavaScript PDF library from PDFTron Canada for all browsers, frameworks and mobile devices with no server-side dependencies. Supports PDF, MS Office, CAD and more than 30 formats. A cross-site scripting vulnerability exists in PDFTron WebViewer UI 8.0 and prior versions,...

CVSS 6.1 | AI score 6.2 | EPSS 0.0108
Exploits: 1 | References: 3

Prion
added 2021/09/14 10:15 p.m. | 26 views

Cross site scripting

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

CVSS 4.3 | AI score 6 | EPSS 0.00562
Exploits: 0 | References: 1 | Affected Software: 14

NVD
added 2021/09/14 6:15 p.m. | 12 views

CVE-2021-23037

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...

CVSS 9.6 | EPSS 0.00797
Exploits: 0 | References: 1

Prion
added 2021/09/14 6:15 p.m. | 14 views

Cross site scripting

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...

CVSS 4.3 | AI score 8.1 | EPSS 0.00797
Exploits: 0 | References: 1 | Affected Software: 11

CNNVD
added 2021/09/10 12:0 a.m. | 4 views

Plesk Obsidian cross-site scripting vulnerability

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability in Plesk Obsidian versions 18.0.0 through 18.0.32 allows an attacker to execute JavaScript code in a victim's browser by using a link to preview a site hosted on the server...

CVSS 6.1 | AI score 6.5 | EPSS 0.01112
Exploits: 1 | References: 4

Snyk
added 2021/09/08 5:3 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: pekeupload is a jQuery plugin that allows you to easily add multiple or single file upload functionality to your website. This plugin uses html5 only. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If an attacker induces a user to upload a file whose name...

CVSS 6.1 | AI score 5.5 | EPSS 0.00813
Exploits: 1 | References: 2

OSV
added 2021/09/08 3:15 p.m. | 1 views

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

CVSS 9.8 | AI score 6.1 | EPSS 0.02087
Exploits: 0 | References: 3

NVD
added 2021/09/08 3:15 p.m. | 15 views

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

CVSS 9.8 | EPSS 0.02087
Exploits: 0 | References: 3

Prion
added 2021/09/08 3:15 p.m. | 15 views

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

CVSS 7.5 | AI score 8.3 | EPSS 0.02087
Exploits: 0 | References: 3 | Affected Software: 4

Cvelist
added 2021/09/08 2:48 p.m. | 22 views

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

AI score 8.7 | EPSS 0.02087
Exploits: 0 | References: 3

CVE
added 2021/09/08 2:48 p.m. | 78 views

CVE-2021-1864

CVE-2021-1864 is a use-after-free vulnerability that was addressed with improved memory management. It affected Apple platforms and was fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, and tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. The connected documen...

CVSS 9.8 | AI score 8.3 | EPSS 0.02087
Exploits: 0 | References: 3 | Affected Software: 4

Positive Technologies
added 2021/09/07 12:0 a.m. | 3 views

PT-2021-30879 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.1 and below; FortiOS versions 6.2.9 and below. Description: The issue allows a remote unauthenticated attacker to either redirect users to malicious websites via a crafted Host header or to execute JavaScript code in the...

CVSS 6.1 | AI score 6.7 | EPSS 0.00356
Exploits: 0 | References: 8

Huntr
added 2021/09/06 12:48 p.m. | 9 views

Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

✍️ Description: stored xss bug via link in store. 🕵️‍♂️ Proof of Concept: 1. goto https://mainnet.demo.btcpayserver.org/stores and create a store. 2. Now open that store using url https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...

AI score 0.5
Exploits: 0