110 matches found
WeGIA Cross-Site Scripting Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA versions prior to 3.2.8, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows an attacker to inject malicio...
Habitica Cross-Site Scripting Vulnerability
Habitica is an open source habit-forming program open-sourced by HabitRPG. A cross-site scripting vulnerability exists in Habitica versions prior to 5.28.5 that stems from incorrect cleanup functionality and is susceptible to reflective cross-site scripting attacks...
WordPress plugin Smoove connector for Elementor forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress plugin Splash Sync Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
WordPress plugin Seriously Simple Podcasting Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Seriously Simple...
WordPress plugin Kama SpamBlock Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Contact Form 7 Math Captcha Security Vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
WordPress plugin Ultimate Classified Listings Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
SAP Business Warehouse Cross-Site Scripting Vulnerability
SAP Business Warehouse is an enterprise-class data warehouse system from SAP, Germany, whose main purpose is to help organizations integrate data from different systems for data analysis and decision making. SAP Business Warehouse suffers from a cross-site scripting vulnerability that stems from...
PT-2023-31245 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A reflective cross-site scripting XSS issue was discovered in DedeCMS. The vulnerability is exploited via the imgstick parameter at the "selectimages.php" endpoint. This allows for malicious scripts to be...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from the fact that XWiki is susceptible to a reflective cross-site scripting attack when validating the name of...
WordPress plugin Vimeotheque cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-24260 · Gira Giersiepen · Gira Knx/Ip-Router
Name of the Vulnerable Software and Affected Versions: Gira Giersiepen Gira KNX/IP-Router versions 3.1.3683.0 through 3.3.8.0 Description: The web interface of the affected software responds with a "404 - Not Found" status code when accessing a non-existent path, and the value of the path is...
Openfind Mail2000 Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in Openfind Mail2000 V7 and prior versions, which stems from insufficient special character filtering of email content, and allows a remote attacker to trigger a reflective cross-site scripting attack usin...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...
pay-rails Pay Cross-Site Scripting Vulnerability
pay-rails Pay is a payment engine for Ruby on Rails. A cross-site scripting vulnerability exists in pay-rails Pay versions prior to 6.3.2, which stems from the presence of reflective cross-site scripting...
Aruba Networks ClearPass Policy Manager Cross-Site Scripting Vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager that originates from the presence of Reflective Cross Site Scripting XSS, whic...
WebSoft HCM Cross-Site Scripting Vulnerability
WebSoft HCM is a talent management and HR services platform from WebSoft Ukraine. A security vulnerability exists in WebSoft HCM version 2021.2.3.327, which stems from inadequate handling of user input and allows an authenticated attacker to inject arbitrary HTML markup into pages processed by th...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and 9.0.0 through 9.1.2, which stems from susceptibility to a Reflective XSS attack,...
Bosch VIDEOJET multi 4000 Cross-Site Scripting Vulnerability
Bosch VIDEOJET multi 4000 is a 16-channel CCTV video encoder from Bosch. It provides best-in-class IP video performance for security camera systems. A security vulnerability exists in the Bosch VIDEOJET multi 4000 version, which stems from an error in the URL handler that could lead to reflective...