3009 matches found
CVE-2020-27852
A stored Cross-Site Scripting XSS vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-35582
CVE-2020-35582 affects Envira Gallery Lite prior to 1.8.3.3. It is a stored cross-site scripting (XSS) vulnerability: an attacker can inject arbitrary JavaScript/HTML via the post_title parameter in a POST to /wp-admin/post.php. The vulnerability is associated with Envira Gallery Lite, with affec...
CVE-2021-21466
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...
CVE-2021-21466
CVE-2021-21466 affects SAP Business Warehouse (versions 700–750, 782) and SAP BW/4HANA (100–200). The issue enables a low-privileged attacker to inject code via a remote-enabled SAP function module, allowing creation of a malicious ABAP report to access sensitive data, inject UPDATE statements (p...
CVE-2021-21466
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...
CVE-2020-35719
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
Cross site scripting
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter or indirectly via the cpr, tcp, or abs parameter. NOTE: This vulnerability only affects products that are no...
Cross site scripting
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
CVE-2020-35726
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by t...
PT-2021-11831 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/Applications/Search/index.jsp" file via the added parameter. This...
PT-2021-11839 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "BrowseDirs.do" file using the title parameter. This affects products that a...
PT-2021-11836 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "Error.jsp" file. This can be achieved directly via the err parameter or...
PT-2021-11837 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/index.jsp" file using the msg parameter. This affects products that...
Quest Policy Authority For Unified Communications Cross-Site Scripting Vulnerability
Quest Software Policy Authority For Unified Communications is a software from Quest Software, Inc. that is used in enterprise environments to consolidate communication data text and instant messaging, videoconferencing, email and voicemail between various media. A cross-site scripting vulnerabili...
Quest Policy Authority Cross-Site Scripting Vulnerability
Quest Software Policy Authority For Unified Communications is a software from Quest Software, Inc. that is used in enterprise environments to consolidate communication data text and instant messaging, videoconferencing, email and voicemail between various media. A cross-site scripting vulnerabili...
Quest Policy Authority For Unified Communications 跨站脚本漏洞
Quest Policy Authority For Unified Communications is a software from Quest, Inc. that is used in corporate environments to consolidate communication data between various media text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability in Quest Policy...
Remote Code Execution (RCE)
osc is vulnerable to remote code injection. An attacker can change downloaded packages to overwrite arbitrary files...
CVE-2020-2503
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later...
CVE-2020-2503
CVE-2020-2503 is a stored cross-site scripting vulnerability affecting QNAP QES File Station. The underlying issue allows injected scripts to execute remotely if exploited. QNAP has fixed these issues in QES 2.1.1 Build 20201006 and later. The connected sources confirm the flaw and the patch, but...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...