2300 matches found

OSV
added 2021/02/15 12:15 a.m. · 1 views

CVE-2020-36234

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14...

CVSS 4.8 · AI score 5.9 · EPSS 0.01015
Exploits: 0 · References: 1

CNNVD
added 2021/01/28 12:0 a.m. · 4 views

Aca Assurex Rentes Code Issue Vulnerability

Aca Assurex Rentes is a SaaS service for the management of all types of funds from the French company Aca. The service covers the entire lifecycle of an annuity contract: liquidation, calculation simulation, pricing, arrears calculation, payments, revaluation, justification, calculation of...

CVSS 9.8 · AI score 7.4 · EPSS 0.04673
Exploits: 0 · References: 3

OSV
added 2021/01/15 7:15 a.m. · 6 views

CVE-2020-35581

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the metatitle parameter...

CVSS 5.4 · AI score 6.2 · EPSS 0.01343
Exploits: 2 · References: 4

Positive Technologies
added 2021/01/11 12:0 a.m. · 5 views

PT-2021-11838 · Quest · Quest Policy Authority

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200
Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/Applications/Reports/index.jsp" file via the "by" parameter. This...

CVSS 6.1 · AI score 6.8 · EPSS 0.01614
Exploits: 1 · References: 5

OSV
added 2020/12/18 3:15 p.m. · 1 views

CVE-2020-25495

A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'...

CVSS 6.1 · AI score 6.5 · EPSS 0.08142
Exploits: 3 · References: 2

CNVD
added 2020/12/15 12:0 a.m. · 3 views

WordPress SabaiApps DirectoriesPro plugin cross-site scripting vulnerability (CNVD-2021-04368)

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress SabaiApps DirectoriesPro plugin...

CVSS 6.1 · AI score 5.6 · EPSS 0.0193
Exploits: 2 · References: 1

BDU FSTEC
added 2020/12/07 12:0 a.m. · 2 views

The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...

CVSS 4.3 · AI score 5.7
Exploits: 0 · Affected Software: 1

Prion
added 2020/11/30 10:15 a.m. · 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter...

CVSS 3.5 · AI score 5.8 · EPSS 0.05138
Exploits: 1 · References: 3 · Affected Software: 1

CNVD
added 2020/10/29 12:0 a.m. · 1 views

Citadel WebCit Cross-Site Scripting Vulnerability

WebCit is the Citadel Servlet engine. A cross-site scripting vulnerability exists in Citadel WebCit 926 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via multiple pages and parameters...

CVSS 6.1 · AI score 6 · EPSS 0.00831
Exploits: 1 · References: 1

OSV
added 2020/10/27 5:15 a.m. · 3 views

CVE-2020-27182

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...

CVSS 6.1 · AI score 5.8 · EPSS 0.00812
Exploits: 0 · References: 2

Cvelist
added 2020/10/27 4:21 a.m. · 12 views

CVE-2020-27182

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...

AI score 6.1 · EPSS 0.00812
Exploits: 0 · References: 2

ThreatPost
added 2020/09/22 5:20 p.m. · 728 views

Known Citrix Workspace Bug Open to New Attack Vector

A Citrix Workspace vulnerability that was fixed in July has been found to have a secondary attack vector, which would allow cybercriminals to elevate privileges and remotely execute arbitrary commands under the SYSTEM account. The bug, CVE-2020-8207, exists in the automatic update service of the...

CVSS 6 · AI score 1.9 · EPSS 0.26869
Exploits: 0 · References: 6

Positive Technologies
added 2020/08/25 12:0 a.m. · 4 views

PT-2020-18515 · Cybermail · Cybermail

Name of the Vulnerable Software and Affected Versions: CyberMail versions 6.x through 7.x
Description: The issue allows remote attackers to inject arbitrary script or HTML via a specially crafted URL, potentially leading to cross-site scripting.
Recommendations: For versions 6.x through 7.x, upda...

CVSS 6.1 · AI score 6 · EPSS 0.01501
Exploits: 0 · References: 6

CNVD
added 2020/08/20 12:0 a.m. · 1 views

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability (CNVD-2020-48586)

Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A cross-site scripting vulnerability exists in the Web management interface in Cis...

CVSS 5.9 · AI score 6.7 · EPSS 0.00622
Exploits: 0 · References: 1

NVD
added 2020/08/03 9:15 p.m. · 8 views

CVE-2020-11584

A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter...

CVSS 6.1 · AI score 6.1 · EPSS 0.00905
Exploits: 0 · References: 1

OSV
added 2020/06/29 7:15 a.m. · 2 views

CVE-2019-20414

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2...

CVSS 5.4 · AI score 5.7 · EPSS 0.01047
Exploits: 0 · References: 1

CNVD
added 2020/06/02 12:0 a.m. · 3 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-31427)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian. Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.2...

CVSS 5.4 · AI score 6.3 · EPSS 0.00772
Exploits: 0 · References: 1

CNVD
added 2020/06/02 12:0 a.m. · 5 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-31421)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian. Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.1...

CVSS 5.4 · AI score 6.4 · EPSS 0.00628
Exploits: 0 · References: 1

CNVD
added 2020/05/08 12:0 a.m. · 3 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32375)

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code b...

CVSS 5.4 · AI score 6.4 · EPSS 0.00666
Exploits: 1 · References: 1

Cvelist
added 2020/04/09 1:10 p.m. · 12 views

CVE-2020-10603

WebAccess/NMS versions prior to 3.0.2 do not properly sanitize user input and may allow an attacker to inject system commands remotely...

AI score 8.8 · EPSS 0.01221
Exploits: 0 · References: 1