3009 matches found

Github Security Blog
added 2022/05/14 1:52 a.m. | 7 views

MantisBT allows XSS via the Manage Filter page

A cross-site scripting (XSS) vulnerability in the Manage Filters page (managefilterpage.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/13 1:29 a.m. | 2 views

GHSA-C5X3-GQ36-PRRP PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.3 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 5

OSV
added 2022/05/13 1:5 a.m. | 3 views

GHSA-98XR-MMQ5-VC5H MantisBT XSS allows unsanitized input via admin/install.php

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

CVSS 6.1 | AI score 6.2 | EPSS 0.01034
Exploits: 0 | References: 8

NVD
added 2022/05/09 9:15 p.m. | 10 views

CVE-2021-43712

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field...

CVSS 5.4 | EPSS 0.00187
Exploits: 1 | References: 3

CVE
added 2022/05/05 4:50 p.m. | 94 views

CVE-2021-44053

CVE-2021-44053 is a cross-site scripting (XSS) vulnerability affecting QNAP devices running QTS, QuTS hero, and QuTScloud. The issue allows remote attackers to inject malicious code. Fixed in QTS 4.5.4.1991 build 20220329 and later, QTS 5.0.0.1986 build 20220324 and later, QuTS hero h5.0.0.1986 b...

CVSS 6.1 | AI score 5.7 | EPSS 0.00422
Exploits: 0 | References: 1 | Affected Software: 3

NVD
added 2022/05/03 9:15 p.m. | 13 views

CVE-2021-27427

RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 9.8 | EPSS 0.02114
Exploits: 0 | References: 2

NVD
added 2022/05/03 9:15 p.m. | 10 views

CVE-2021-22680

NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in memalloc, lwmemalloc and partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 9.8 | EPSS 0.01845
Exploits: 0 | References: 1

NVD
added 2022/05/03 9:15 p.m. | 12 views

CVE-2021-27419

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 9.8 | EPSS 0.02554
Exploits: 0 | References: 2

NVD
added 2022/05/03 9:15 p.m. | 12 views

CVE-2021-27425

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mmmalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 9.8 | EPSS 0.01981
Exploits: 0 | References: 2

OSV
added 2022/05/03 9:15 p.m. | 16 views

CVE-2021-27433

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 9.8 | AI score 7.5
Exploits: 0 | References: 2

NVD
added 2022/05/03 9:15 p.m. | 11 views

CVE-2021-27439

TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tosmmheapalloc' incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...

CVSS 9.8 | EPSS 0.0107
Exploits: 0 | References: 1

NVD
added 2022/05/03 9:15 p.m. | 16 views

CVE-2021-27433

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 9.8 | EPSS 0.03779
Exploits: 0 | References: 2

Prion
added 2022/05/03 9:15 p.m. | 12 views

Integer overflow

TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tosmmheapalloc' incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...

CVSS 7.5 | AI score 9.6 | EPSS 0.0107
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/05/03 9:15 p.m. | 9 views

Integer overflow

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mmmalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.01981
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/05/03 9:15 p.m. | 17 views

Integer overflow

NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in memalloc, lwmemalloc and partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 7.5 | AI score 9.7 | EPSS 0.01845
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/05/03 9:15 p.m. | 15 views

Integer overflow

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in mallocwrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.03522
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/05/03 9:15 p.m. | 12 views

Integer overflow

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.02554
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/05/03 9:15 p.m. | 17 views

Integer overflow

RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.02114
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/03 8:26 p.m. | 17 views

CVE-2021-27433 ARM mbed-ualloc memory library Integer Overflow or Wraparound

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVSS 7.3 | AI score 9.8 | EPSS 0.03779
Exploits: 0 | References: 2

CVE
added 2022/05/03 8:26 p.m. | 75 views

CVE-2021-27433

CVE-2021-27433 affects the ARM mbed-ualloc memory library (version 1.3.0). The root cause is an integer wrap-around in mbed_krbs, which can lead to arbitrary memory allocation and result in crash or remote code injection/execution. Public sources consistently describe this vulnerability and its i...

CVSS 9.8 | AI score 8.7 | EPSS 0.03779
Exploits: 0 | References: 2 | Affected Software: 1