GLPi Cross-Site Scripting Vulnerability (CNVD-2021-40317)

GLPI is a free asset and IT management software package that provides ITIL service desk functionality, license tracking and software auditing. A cross-site scripting vulnerability exists in GLPi version 9.5.4. The vulnerability stems from GLPi unvalidated metadata. An attacker can exploit the...

CVE-2021-3486

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...

Plone cross-site scripting vulnerability (CNVD-2021-37279)

Plone is a foreign open source CMS system suitable for enterprise-level applications. A cross-site scripting vulnerability exists in the user full name attribute and file upload functionality in Plone CMS versions prior to 5.2.4. The vulnerability stems from user input that is not properly encode...

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

GitLab: Clipboard DOM-based XSS

Summary A clipboard DOM-based XSS exists on several Markdown text fields. Technical details The app/assets/javascripts/behaviors/markdown/copyasgfm.js file is used to get and set GFM GitHub Flavored Markdown data on the clipboard on different parts of the GitLab application. If a user copies data...

Cross-site Scripting (XSS) - Reflected in thecoshman/http

✍️ Description The web server is vulnerable to Cross-site scripting. An attacker can host a file with an XSS payload as the file name. When a user visits the web server address, the javascript will be executed in the browser. This is due to improper sanitization. 🕵️‍♂️ Proof of Concept - Create a...

APSB21-15 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM. These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...

Arbitrary JavaScript Execution

Overview There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get method, your project is vulnerable to this injection-style vulnerability. Recommendation Upgrade...

Apple iOS 资源管理错误漏洞

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS, which could allow an attacker executing JavaScript to execute arbitrary code. The following products and versions are affected: iPhone 6s and later, iPad Pro all models, iPad...

CVE-2019-25027 Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

CVE-2021-29467 Self-XSS

Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1...

CVE-2021-29467

CVE-2021-29467 affects the Wrongthink encrypted peer‑to‑peer chat program. The vulnerability allows a user to check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site, indicating a cross‑site scripting issue. The description notes no workarounds, and a p...

Parabirb wrongthink 跨站脚本漏洞

Parabirb wrongthink is Parabirb an open source application . It provides an end-to-end encryption feature. A security vulnerability exists in Wrongthink version 2.4.1 that allows users to enter their fingerprint into the service and enter a script to run arbitrary JavaScript on the site...

CVE-2020-28141

The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page...

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

PT-2021-24349 · Unknown · Molecularfaces

Name of the Vulnerable Software and Affected Versions: MolecularFaces versions prior to 0.3.0 Description: The issue allows a remote attacker to execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. This is due to the viewer plugin implementation of rendering molfi...

CVE-2021-21087 ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser

Adobe Coldfusion versions 2016 update 16 and earlier, 2018 update 10 and earlier and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code...

MTN Group: Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module

The Cross-site Scripting XSS vulnerability was discovered on http://h1b4e.n2.ips.mtn.co.ug:8080 via the Nginx module. The vulnerability allowed the injection of arbitrary JavaScript code through the URL, which could be executed in the victim's browser...

Web-School ERP Cross-Site Scripting Vulnerability (CNVD-2021-28278)

Web-School ERP is a school management software for schools and educational organizations. A stored cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit the vulnerability to inject and execute JavaScript code...