2300 matches found

Veracode
added 2019/03/25 8:40 a.m. | 20 views

Cross-Site Scripting (XSS)

Liferay portal is vulnerable to cross-site scripting (XSS). It allows remote authenticated users to inject arbitrary web script or HTML into a victim's browser via the blog title...

CVSS 3.5 | AI score 5.3 | EPSS 0.00992
Exploits 0 | References 7 | Affected Software 1

CNVD
added 2019/03/06 12:0 a.m. | 5 views

Craft CMS Cross-Site Scripting Vulnerability (CNVD-2019-06339)

Craft CMS is a content management system (CMS). A cross-site scripting vulnerability exists in the header insertion field in Craft CMS version 3.1.12 Pro. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVSS 6.1 | AI score 6.2 | EPSS 0.02591
Exploits 5 | References 1

OSV
added 2019/03/02 1:29 a.m. | 3 views

CVE-2019-8279

Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum...

CVSS 5.4 | AI score 6.2 | EPSS 0.00806
Exploits 1 | References 1

CNVD
added 2019/02/25 12:0 a.m. | 1 views

MOPCMS Cross-Site Scripting Vulnerability

MOPCMS is a content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in MOPCMS 2018-11-30 and earlier versions, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'formname' parameter...

CVSS 6.1 | AI score 6 | EPSS 0.01105
Exploits 1 | References 1

CNVD
added 2019/02/22 12:0 a.m. | 3 views

pfSense HAProxy package cross-site scripting vulnerability

pfSense is open source routing and firewall software, customized and developed on the basis of FreeBSD. A cross-site scripting vulnerability exists in pfSense's HAProxy package before version 0.5916. A remote attacker can use this vulnerability to inject arbitrary Web script or HTML wit...

CVSS 6.1 | AI score 6.2 | EPSS 0.52236
Exploits 3 | References 1

CNVD
added 2019/02/21 12:0 a.m. | 2 views

HotelDruid Cross-Site Scripting Vulnerability

HotelDruid is a nine-point management system from the DigitalDruid.Net team. The system includes features such as room management, financial management and inventory management. A cross-site scripting vulnerability exists in HotelDruid version 2.3. A remote attacker can exploit this vulnerability...

CVSS 6.1 | AI score 6 | EPSS 0.1068
Exploits 5 | References 1

CNVD
added 2019/02/21 12:0 a.m. | 3 views

Atlassian Fisheye and Crucible cross-site scripting vulnerabilities (CNVD-2019-04924)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian; Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.7.0...

CVSS 5.4 | AI score 6.3 | EPSS 0.00904
Exploits 0 | References 1

CNVD
added 2019/02/19 12:0 a.m. | 2 views

WTCMS Cross-Site Scripting Vulnerability

WTCMS is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'statistic code' field...

CVSS 6.1 | AI score 6 | EPSS 0.00826
Exploits 1 | References 1

CNVD
added 2019/02/19 12:0 a.m. | 4 views

ZoneMinder cross-site scripting vulnerability (CNVD-2019-04695)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras and more. ZoneMinder 1.32.3 before the version of skins/classic/views/controlcap.php file has a cross-site scripting vulnerability, a remote attacker can use the newControl array with...

CVSS 6.1 | AI score 6.3 | EPSS 0.00966
Exploits 1 | References 1

BDU FSTEC
added 2019/02/19 12:0 a.m. | 4 views

The vulnerability of the PAN-OS operating system arises from insufficient protection of the web page structure, allowing attackers to inject any desired JavaScript or HTML code into the loaded web page.

The vulnerability of the PAN-OS operating system exists due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the loaded web page from a remote location...

CVSS 5.4 | AI score 6.1 | EPSS 0.00667
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2019/01/17 7:30 a.m. | 9 views

Cross-Site Scripting (XSS)

bootstrap-vue is vulnerable to cross-site scripting (XSS). The option variable is not validated and sanitized, which would allow a remote attacker to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

AI score 6.2
Exploits 0

CNVD
added 2019/01/17 12:0 a.m. | 2 views

Cleanto SQL Injection Vulnerability

Cleanto is an online booking system developed specifically for cleaning service companies. A SQL injection vulnerability exists in Cleanto version 5.0, which can be exploited by remote attackers to execute SQL commands with the 'serviceid' parameter...

CVSS 9.8 | AI score 8.5 | EPSS 0.01342
Exploits 1 | References 1

CNVD
added 2019/01/17 12:0 a.m. | 4 views

Cacti cross-site scripting vulnerability (CNVD-2019-14551)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A cross-site scripting vulnerability exists in the 'Vertical Label' field of the graphtemplates.php file in versions of Cacti prior to 1.2.0, which stems fro...

CVSS 4.8 | AI score 7.1 | EPSS 0.01025
Exploits 1 | References 1

Veracode
added 2019/01/15 9:11 a.m. | 28 views

Remote Injection Attacks

Jenkins is vulnerable to remote injection attacks. The vulnerability exists as Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

CVSS 4.3 | AI score 6.9 | EPSS 0.02142
Exploits 0 | References 8 | Affected Software 31

CNVD
added 2019/01/11 12:0 a.m. | 1 views

CloudBees Jenkins Config File Provider Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees, mainly used to monitor continuous software release/testing projects and some timed task execution. Config File Provider Plugin is...

CVSS 5.4 | AI score 6.3 | EPSS 0.00947
Exploits 0 | References 1

CNVD
added 2019/01/02 12:0 a.m. | 4 views

razorCMS Cross-Site Scripting Vulnerability (CNVD-2019-00810)

razorCMS is an open source content management system written in PHP, which stores all data in flat files, so there is no need to install a database. A cross-site scripting vulnerability exists in razorCMS version 3.4.8. A remote attacker can exploit this vulnerability by injecting HTML or script...

CVSS 5.4 | AI score 6.2 | EPSS 0.00657
Exploits 1 | References 1

CNVD
added 2018/12/31 12:0 a.m. | 4 views

UCMS cross-site scripting vulnerability (CNVD-2019-01087)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in the sadmin\cedit.php file in UCMS version 1.4.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVSS 6.1 | AI score 6.2 | EPSS 0.00707
Exploits 1 | References 1

CNVD
added 2018/12/29 12:0 a.m. | 3 views

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00995)

DouCo DouPHP is a lightweight open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/page.php?rec=edit in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with...

CVSS 4.8 | AI score 6 | EPSS 0.00534
Exploits 1 | References 1

CNVD
added 2018/12/27 12:0 a.m. | 3 views

Q'center Virtual Appliance Cross-Site Scripting Vulnerability (CNVD-2019-03341)

QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A cross-site scripting vulnerability exists in QNAP Q'center Virtual Appliance version...

CVSS 6.1 | AI score 6.2 | EPSS 0.00772
Exploits 0 | References 1

OSV
added 2018/12/26 4:29 p.m. | 2 views

CVE-2018-0724

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0723...

CVSS 6.1 | AI score 5.9 | EPSS 0.00772
Exploits 0 | References 1