SAP Business Connector Cross-Site Scripting Vulnerability (CNVD-2024-20438)
SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector version 4.8, which stems from a resource settings page that allows an attacker with elevated privileges to load an exploitable payload to conduct a reflective cross-site...
SAP Business Connector Cross-Site Scripting Vulnerability (CNVD-2024-20439)
SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector version 4.8, which can be exploited by an attacker to add malicious GET query parameters to a service call to conduct a reflective cross-site scripting attack...
WordPress plugin Query Wrangler Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2023-29552
The Service Location Protocol (SLP) is vulnerable to an attack through UDP. OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UD...
Fortinet FortiAuthenticator Cross-Site Scripting Vulnerability (CNVD-2023-30842)
Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet. Fortinet FortiAuthenticator suffers from a cross-site scripting vulnerability that stems from an improper neutralization of script-related HTML tags in a web page, which can be exploited by an attacker t...
Pimcore Cross-Site Scripting Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...
RIFARTEK IOT Wall Cross-Site Scripting Vulnerability
Rifartek IOT Wall is a security software from the Chinese company Rifartek. A cross-site scripting vulnerability exists in RIFARTEK IOT Wall v.22, which is caused by insufficient filtering of user input in the transport function. The vulnerability can be exploited to inject JavaScript to perform ...
EyouCMS Cross-Site Scripting Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP from the Chinese company Zanzan Network Technology. A cross-site scripting vulnerability exists in EyouCMS version 1.6.0 and earlier versions, which originates from the activepath GET parameter of...
WordPress Simple File List Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress MOLIE plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress MOLIE plugin has a cross-site scripting vulnerability that stems from not escaping the courseid parameter before...
WordPress Persian Woocommerce Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Persian Woocommerce suffers from a cross-site scripting vulnerability that stems from not escaping the s...
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
pki-core Cross-Site Scripting Vulnerability
pki-core is a library that provides an API for PKI operations. A cross-site scripting vulnerability exists in pki-core, which stems from the fact that a specially designed POST request can be used to reflect a DOM-based cross-site scripting attack by injecting code into a search query form that c...
pki-core: XSS in the certificate search results
A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity...
Security Advisory - Distributed Denial-of-Service Vulnerability in Some Huawei Products
There is a DDoS vulnerability called "NXNSAttack" in some Huawei products. There is no effective limitation on the number of fetches performed when the DNS recursive server processes references. An attacker can exploit this vulnerability by sending a request for an attacker-controlled domain to a...
CVE-2020-5591
XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a...
162,000 WordPress Sites Used in DDoS Attack
More than 162,000 “popular and clean” WordPress sites were recently used in a large-scale distributed denial of service (DDoS) attack that exploited the content management system’s pingback feature. While the WordPress team is aware of the issue, it’s not expected to be patched as it’s a default...