2300 matches found
CVE-2021-20808
Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and...
DotCMS Injection Vulnerability
dotCMS is a content management system (CMS) from the American company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build. A security vulnerability exists in DotCMS versions prior to 5.1, which stems from incorrect access control for...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sysjdbc parameter to /TestJDBCWeb/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-37593
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly...
SourceCodester Fantastic-Blog-CMS Cross-Site Scripting Vulnerability
SourceCodester Fantastic-Blog-CMS is a blogging system application. Version 1.0 of SourceCodester Fantastic-Blog-CMS contains a security vulnerability that can be exploited by remote attackers to inject arbitrary web script or HTML via the search field search.php...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Event Espresso Core plugin has a security vulnerability, version 4.10.6.p and below allows...
Aruba ClearPass Policy Manager SQL Injection Vulnerability
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a security vulnerability that could allow a remote attacker to perform a SQL injection attack on a ClearPass instance...
DEBIAN-CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
Joomla! Cross-Site Scripting Vulnerability
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! versions 3.0.0 through...
CVE-2021-20725
Reflected cross-site scripting vulnerability in the admin page of Calendar01 free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20724
Reflected cross-site scripting vulnerability in the admin page of Telop01 free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
A vulnerability in the IEEE 802.11 communication standard for Windows operating systems allows an intruder to inject arbitrary network packets.
The vulnerability of the IEEE 802.11 communication standard for Windows operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to inject arbitrary network packets remotely...
CVE-2021-29032
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI...
4images cross-site scripting vulnerability (CNVD-2021-22854)
4images is an open source image management system. 4images version 1.8 has a cross-site scripting vulnerability that stems from the redirect parameter not effectively filtering user input; a remote attacker can use this vulnerability to inject JavaScript...
CVE-2021-26578
A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) versions: Prior to 2.5. The vulnerability could be remotely exploited with SQL injection...
CVE-2021-24136
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...
Excellent Infotek Corporation EIC e-document system SQL Injection Vulnerability
Excellent Infotek Corporation EIC e-document system is an application system of Excellent Infotek Corporation, which provides precise, simple and standardized XML document forms to simplify the process of writing and...
CVE-2021-27678
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
Paweł Klockiewicz Batflat CMS Cross-Site Scripting Vulnerability
Batflat is a simple, lightweight content management system (CMS). A cross-site scripting vulnerability exists in "Navigation" in Batflat 1.3.6, which can be exploited by remote attackers to inject arbitrary web script or HTML via a field name...
Batflat CMS Cross-Site Scripting Vulnerability
Batflat is a simple, lightweight content management system (CMS). A cross-site scripting vulnerability exists in Galleries in Batflat 1.3.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via field names...