2179 matches found

CNVD
added 2020/12/15 12:0 a.m., 5 views

SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability (CNVD-2021-03703)

SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A security vulnerability exists in SAP NetWeaver AS ABAP that stems from a failure to adequately encode URLs, allowing an attacker to enter malicious JavaScript in...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00813
Exploits: 0, References: 1

CNVD
added 2020/12/01 12:0 a.m., 3 views

WordPress EventON Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...

CVSS: 6.1, AI score: 5.8, EPSS: 0.11696
Exploits: 2, References: 1

NVD
added 2020/11/27 6:15 p.m., 22 views

CVE-2017-15682

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00744
Exploits: 0, References: 2

CNVD
added 2020/11/19 12:0 a.m., 2 views

Dell EMC RSA Archer Injection Vulnerability

Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in Dell EMC RSA Archer versions 6.8...

CVSS: 6.1, AI score: 7.3, EPSS: 0.00823
Exploits: 0, References: 1

OSV
added 2020/11/18 4:15 p.m., 2 views

CVE-2020-26884

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00823
Exploits: 0, References: 1

NVD
added 2020/11/18 4:15 p.m., 14 views

CVE-2020-26884

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00823
Exploits: 0, References: 1

BDU FSTEC
added 2020/11/17 12:0 a.m., 2 views

The vulnerability of the software platform for developing and managing online stores Magento Commerce arises from insufficient cleaning of data provided by users. This vulnerability allows a malicious attacker to execute harmful JavaScript code.

The vulnerability of the Magento Commerce software platform for developing and managing online stores exists due to insufficient cleaning of data provided by users. Exploiting this vulnerability allows a malicious actor to execute malicious JavaScript code using specially crafted HTTP requests...

CVSS: 7.2, AI score: 6.5, EPSS: 0.0172
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2020/11/12 3:15 p.m., 2 views

CVE-2020-24442

Adobe Connect version 11.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

CVSS: 6.1, AI score: 5.7, EPSS: 0.0148
Exploits: 0, References: 1

OSV
added 2020/11/12 3:15 p.m., 2 views

CVE-2020-24443

Adobe Connect version 11.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

CVSS: 6.1, AI score: 5.7, EPSS: 0.0148
Exploits: 0, References: 1

UbuntuCve
added 2020/11/09 12:0 a.m., 26 views

CVE-2020-15275

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS: 8.7, AI score: 6.8, EPSS: 0.01725
Exploits: 1, References: 4

OSV
added 2020/11/05 8:15 p.m., 2 views

CVE-2020-24430

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user...

CVSS: 7.8, AI score: 7.6, EPSS: 0.17933
Exploits: 0, References: 1

Prion
added 2020/11/05 8:15 p.m., 19 views

Design/Logic Flaw

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user...

CVSS: 6.8, AI score: 7.7, EPSS: 0.17933
Exploits: 0, References: 1, Affected Software: 4

ATTACKERKB
added 2020/11/03 11:0 p.m., 2 views

CVE-2020-24430

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user...

CVSS: 7.8, AI score: 8.1, EPSS: 0.17933
Exploits: 0, References: 2

CNVD
added 2020/10/22 12:0 a.m., 4 views

lightning-server cross-site scripting vulnerability

lightning-server is a personal developer npm library for data visualization applications. The library provides API-based access to reproducible Web-based interactive visualizations. A security vulnerability exists in all versions of lightning-server, which can be exploited by an attacker to inje...

CVSS: 6.3, AI score: 7, EPSS: 0.0085
Exploits: 1, References: 1

Prion
added 2020/10/20 10:15 p.m., 17 views

Cross site scripting

Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to...

CVSS: 4.3, AI score: 6.4, EPSS: 0.01889
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2020/10/20 3:15 p.m., 2 views

CVE-2020-16246

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site...

CVSS: 6.1, AI score: 5.4, EPSS: 0.0068
Exploits: 0, References: 1

OSV
added 2020/10/20 11:15 a.m., 2 views

CVE-2020-7747

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...

CVSS: 6.3, AI score: 6.6, EPSS: 0.0085
Exploits: 1, References: 3

NVD
added 2020/10/16 3:15 p.m., 18 views

CVE-2020-24408

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...

CVSS: 6.1, EPSS: 0.0172
Exploits: 0, References: 1

CNVD
added 2020/10/12 12:0 a.m., 9 views

phpMyAdmin cross-site scripting vulnerability (CNVD-2021-45285)

phpMyAdmin is a web-based, open source MySQL and MariaDB management tool written in PHP. A cross-site scripting vulnerability exists in the conversion function in phpMyAdmin. An attacker can exploit this vulnerability to execute malicious JavaScript via a specially crafted link...

CVSS: 6.1, AI score: 5.9, EPSS: 0.02163
Exploits: 0, References: 1

OpenVAS
added 2020/09/29 12:0 a.m., 13 views

PrestaShop 1.5.0.0 < 1.7.6.8 XSS Vulnerability

PrestaShop is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

CVSS: 5.4, AI score: 6, EPSS: 0.00795
Exploits: 1, References: 1