2300 matches found

Github Security Blog
Added 2022/05/14 1:49 a.m., 15 views

karo Metacharacter Handling Remote Command Execution

The karo gem through 2.5.2 for Ruby allows remote command injection via the host field. A flaw in db.rb is triggered when the host value contains shell metacharacters. This may allow a remote attacker to execute arbitrary commands. In particular, lines 76 and 95 as of 2014-06-01 pass unsanitized user-supplied input to...

CVSS 9.8, AI score 9.9, EPSS 0.03537
Exploits 1, References 7, Affected software 1
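The karo entry above describes the classic shell-metacharacter bug class: a user-controlled host string is interpolated into a command that Ruby hands to /bin/sh. The block below is an added Ruby example written for this page, not karo's db.rb: it shows the vulnerable backtick pattern, the argv form that never touches a shell, and an allow-list hostname check. The function names, the `echo` stand-in for the real database client, and the sample host value are all constructed for the example.

```ruby
require 'open3'

# Constructed sample input: a host value carrying a shell metacharacter.
INJECTED_HOST = 'db.example.com; echo INJECTED'

# VULNERABLE (constructed, mirrors the karo bug class): the host is
# interpolated into a backtick command. Because the resulting string contains
# shell metacharacters, Ruby runs it through /bin/sh -c, so ";" ends the echo
# command and everything after it is executed as a second command.
def dump_db_vulnerable(host)
  `echo connecting to #{host}`
end

# HARDENED: pass argv as separate arguments. Open3.capture2 with multiple
# arguments calls Process.spawn in exec form, so no shell ever parses the host;
# ";" is just a byte inside one argument.
def dump_db_hardened(host)
  out, _status = Open3.capture2('echo', 'connecting', 'to', host)
  out
end

# Defence in depth: an allow-list for RFC 1123 style hostnames. Labels are
# alphanumeric with interior hyphens, at most 63 chars, joined by dots.
HOSTNAME_LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i
HOSTNAME_RE = /\A#{HOSTNAME_LABEL}(?:\.#{HOSTNAME_LABEL})*\z/i

def valid_hostname?(host)
  host.is_a?(String) && host.length <= 253 && HOSTNAME_RE.match?(host)
end

# Validate first, then use the argv form: rejects the payload outright and
# still cannot be subverted by a value that passes the regex.
def dump_db_safe(host)
  raise ArgumentError, "invalid host: #{host.inspect}" unless valid_hostname?(host)
  dump_db_hardened(host)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{dump_db_vulnerable(INJECTED_HOST).inspect}"
  puts "hardened:   #{dump_db_hardened(INJECTED_HOST).inspect}"
  begin
    dump_db_safe(INJECTED_HOST)
  rescue ArgumentError => e
    puts "safe:       rejected (#{e.message})"
  end
end
```

The vulnerable call prints a second line, INJECTED, proving the shell executed the attacker's command; the argv form prints the whole string as a literal. Validation alone is not the fix, since a later change to the regex could let a metacharacter through, which is why the argv form is kept underneath it.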
OSV
Added 2022/05/14 1:09 a.m., 0 views

GHSA-579V-MP3V-RRW5 jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

CVSS 4.3, AI score 7, EPSS 0.19191
Exploits 1, References 12
Github Security Blog
Added 2022/05/13 1:11 a.m., 33 views

Horizon-Orchestration Cross-site scripting (XSS) vulnerability through resource name

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section of the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject...

CVSS 4.3, AI score 5.8, EPSS 0.01689
Exploits 0, References 12, Affected software 1
OSV
Added 2022/05/12 4:15 p.m., 3 views

CVE-2022-22413

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022...

CVSS 9.8, AI score 6.2, EPSS 0.01188
Exploits 0, References 2
OSV
Added 2022/05/09 9:15 p.m., 3 views

CVE-2021-43712

Stored XSS in the Add New Employee form of Sourcecodester Employee Daily Task Management System 1.0 allows a remote attacker to inject and store arbitrary code via the Name field...

CVSS 5.4, AI score 5.8, EPSS 0.00897
Exploits 1, References 3
CNNVD
Added 2022/05/03 12:00 a.m., 3 views

IBM Maximo Asset Management security vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM (USA). IBM Maximo Asset Management versions 7.6.1.1 and 7.6.1.2 are vulnerable due to an input validation error in the HOST header, which remote attackers can exploit by sending a...

CVSS 7.2, AI score 6.2, EPSS 0.01063
Exploits 0, References 3
OSV
Added 2022/05/01 11:33 p.m., 4 views

GHSA-53WJ-6M7W-J6MJ MoinMoin Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action...

CVSS 4.3, AI score 5.5, EPSS 0.01735
Exploits 0, References 16
OSV
Added 2022/05/01 6:50 a.m., 2 views

GHSA-P3VW-FVWX-QCV5 Cross-site scripting in Apache Struts

Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...

CVSS 3.7, AI score 7.3, EPSS 0.05047
Exploits 0, References 3
OSV
Added 2022/04/25 4:16 p.m., 7 views

CVE-2022-26597

Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3, allows remote attackers to inject arbitrary web script or HTML via the site name...

CVSS 6.1, AI score 5.7
Exploits 0, References 1
ATTACKERKB
Added 2022/04/08 12:15 p.m., 4 views

CVE-2022-24229

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor...

CVSS 6.1, AI score 6.4, EPSS 0.0185
Exploits 1, References 4
CNNVD
Added 2022/04/08 12:00 a.m., 2 views

Ascensio System ONLYOFFICE Document Server cross-site scripting vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System (Latvia). The product supports viewing and editing of text documents, spreadsheets, presentations and more. A cross-site scripting vulnerability exists in ONLYOFFICE Document Server Example versions prior...

CVSS 6.1, AI score 6.1, EPSS 0.0185
Exploits 1, References 4
Prion
Added 2022/02/17 8:15 p.m., 17 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel...

CVSS 4.3, AI score 5.8, EPSS 0.00799
Exploits 1, References 1, Affected software 1
CNNVD
Added 2021/12/14 12:00 a.m., 4 views

LimeSurvey cross-site scripting vulnerability

LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program from the LimeSurvey team that supports survey development, survey publishing, and data collection. A security vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406...

CVSS 6.1, AI score 6.3, EPSS 0.00823
Exploits 0, References 1
OSV
Added 2021/10/22 2:15 p.m., 2 views

CVE-2021-42169

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite (Free Source Code by oretnom23) is vulnerable to a remote SQL injection authentication bypass for the admin account. The username parameter of the login form is not protected correctly and there is no security and escaping fr...

CVSS 9.8, AI score 5.8, EPSS 0.0274
Exploits 1, References 2
Prion
Added 2021/10/08 4:15 p.m., 9 views

Cross site scripting

The "new add subject" parameter of the Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript and carry out stored XSS attacks...

CVSS 4.3, AI score 6, EPSS 0.00612
Exploits 0, References 1, Affected software 1
Cvelist
Added 2021/10/08 3:15 p.m., 19 views

CVE-2021-41567 Tad Uploader - Stored XSS

The "new add subject" parameter of the Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript and carry out stored XSS attacks...

CVSS 6.1, AI score 6.2, EPSS 0.00612
Exploits 0, References 1
OSV
Added 2021/10/01 4:15 p.m., 2 views

CVE-2021-40921

Cross-site scripting (XSS) vulnerability in contactform.inc.php in Detector 0.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00703
Exploits 1, References 1
Cvelist
Added 2021/10/01 3:42 p.m., 22 views

CVE-2021-40922

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lastname parameter...

AI score 6.3, EPSS 0.00818
Exploits 1, References 2
0day.today
Added 2021/09/15 12:00 a.m., 188 views

AHSS-PHP 1.0 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit Title: AHSS-PHP by: oretnom23 v1.0 is vulnerable in the application /scheduler/classes/Login.php to remote SQL-Injection-Bypass-Authentication + XSS-Stored Hijacking PHPSESSID
Author: nu11secur1ty
Testing and Debugging: nu11secur1ty
Date: 09.15.2021
Vendor:...

AI score 0.3
Exploits 0
OSV
Added 2021/08/30 7:15 p.m., 1 view

CVE-2021-35061

Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters of HTML form fields in all components...

CVSS 6.1, AI score 5.8, EPSS 0.00937
Exploits 1, References 1