PT-2022-26262 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.16; Liferay DXP versions 7.3 before update 6, and 7.4 before update 17. Description: A cross-site scripting (XSS) issue in the Frontend Taglib module allows remote attackers to inject arbitrary web scri...
CVE-2022-39220 XSS Vulnerabilities in WebClient
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist...
ForkCMS XSS via `publish_on_time` parameter
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_time` parameter. This issue was patched in version 5.11.0...
CVE-2021-42750
CVE-2021-42750 is a stored XSS vulnerability in the ThingsBoard 3.3.1 Rule Engine that allows remote attackers with administrative access to inject JavaScript into the title of a rule node, which is executed in the editor when hovered. Multiple sources confirm the issue in ThingsBoard 3.3.1 and d...
CVE-2022-35589
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" parameter...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Introduction to CVE-2022-22947 The Spring C...
CVE-2022-30083
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code remote...
GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...
convert-svg-core vulnerable to remote code injection
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...
CVE-2022-25759
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload...
Code injection
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload...
CVE-2022-25759
The CVE-2022-25759 issue affects the convert-svg-core npm package, specifically versions before 0.6.2. It enables remote code injection by processing an SVG containing a payload (notably via an onload attribute). Impact is remote code execution when using the vulnerable library in conjunction wit...
CVE-2022-25759 Remote Code Injection
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload...
convert-svg code injection vulnerability
convert-svg is an open-source suite of software for converting SVG files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.2: when sent SVG files containing payloads, convert-svg-core is vulnerable to remote...
Code injection
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program...
CVE-2022-22682
CVE-2022-22682 affects Synology Calendar: an XSS flaw in Event Management prior to version 2.4.5-10930. The issue arises from improper neutralization of input during web page generation, enabling an authenticated remote attacker to inject arbitrary script/HTML through unspecified vectors. Impact ...
CVE-2017-20099
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely...