Code injection
Xerox Phaser 6510 before 64.61.23 and 64.59.11 Bridge, WorkCentre 6515 before 65.61.23 and 65.59.11 Bridge, VersaLink B400 before 37.61.23 and 37.59.01 Bridge, B405 before 38.61.23 and 38.59.01 Bridge, B600/B610 before 32.61.23 and 32.59.01 Bridge, B605/B615 before 33.61.23 and 33.59.01 Bridge,...
Craft CMS Cross-Site Scripting Vulnerability (CNVD-2021-22951)
Craft CMS is a content management system for developers, designers and web professionals that provides flexibility, power and ease of use. A cross-site scripting vulnerability exists in Craft CMS version 3.1.31. A remote attacker can inject arbitrary web script or HTML via /admin/settings/sites/n...
CVE-2021-20683
The CVE-2021-20683 issue affects baserCMS versions before 4.4.5, due to improper neutralization of JavaScript input in the blog article editing function. This creates a Cross-Site Scripting (XSS) risk where remote authenticated attackers can inject arbitrary scripts via unspecified vectors. The v...
CVE-2021-29009
SEO Panel 4.8.0 is affected by a cross-site scripting (XSS) vulnerability. The issue arises in archive.php via the type parameter, allowing remote attackers to inject JavaScript. Documented impact includes partial integrity and low confidentiality impact with network attack vector and user intera...
CVE-2021-27695
CVE-2021-27695: Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1–3.3-b allow remote attackers to inject arbitrary web script or HTML via Add sections (e.g., Building Card) in Name/Code parameters. Affects openMAINT 2.1–3.3-b; confirmed by NVD and multiple vendors (Red ...
XStream Code Execution Vulnerability (CNVD-2021-28332)
XStream is a simple Java-based library that serializes Java objects to XML and vice versa, i.e. Java objects and XML documents can easily be converted to each other. A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...
CVE-2021-20667
GROWI web app (WESEEK) has a stored cross-site scripting vulnerability (CVE-2021-20667) caused by inadequate CSP configuration in v4.2.2 and earlier. A remote authenticated attacker can inject arbitrary scripts via crafted content, leading to script execution in a user’s browser. The issue affect...
CVE-2020-2502
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP: We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.11 and later...
CVE-2020-2502
CVE-2020-2502 is a cross-site scripting vulnerability in QNAP Photo Station. The issue allows remote attackers to inject malicious code via the affected component, with public scoring: CVSS v2 base 4.3 (MEDIUM) and CVSS v3.1 base 6.1 (MEDIUM). The provided connected data confirms the vulnerabilit...
DEBIAN-CVE-2020-8031
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
CVE-2020-5023
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash due to excess resource consumption. IBM X-Force ID: 193659...
CVE-2020-35125
CVE-2020-35125 is an XSS vulnerability in Mautic’s forms component (mautic[return]) that affects versions prior to 3.2.4. Exploitation could enable remote injection of JavaScript and, per sources, may lead to unauthorized administrator-level access. Public advisories reference patches: upgrade to...
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
CVE-2020-36011
A cross-site scripting (XSS) issue in the Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field...
CVE-2020-36011
CVE-2020-36011: XSS in Add Patient Form of QDOCS Smart Hospital Management System 3.1. A remote attacker can inject arbitrary code via Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies fields. Documents confirm the affected product and the vulnerability type but do not provide...
Code Injection and Directory Traversal in plexus-utils
This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via: CVE-2017-1000487 (command injection), sonatype-2016-0398 (directory traversal), sonatype-2015-0173 (XML injection). The affected versions are before version 7.2.2, and before...
PT-2021-19554 · Tenda · Tenda Ac5 Ac1200
Name of the Vulnerable Software and Affected Versions: Tenda AC5 AC1200 version V15.03.06.47 multi. Description: A stored cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter in the Wifi Settings, specifically in the...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role: Administrator, Editor, etc...