411 matches found
SUSE CVE-2002-1700
Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
SUSE CVE-2005-1156
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."...
SUSE CVE-2008-0415
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting XSS attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation...
SUSE CVE-2008-5022
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...
SUSE CVE-2011-1696
Cross-site scripting XSS vulnerability in Novell Identity Manager aka IDM User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the...
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting...
PT-2022-6001 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue is related to a reflected Cross-Site Scripting XSS vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page,...
CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...
CVE-2022-37346
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...
CVE-2020-19914
Cross Site Scripting XSS in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function...
CVE-2022-30571
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's...
CVE-2022-27627
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...
WordPress plugin WP Statistics 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Statistics plugin is vulnerable to a cross-site scripting vulnerability, which stems fro...
CVE-2022-22777
The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the...
PT-2022-15664 · Tibco · Tibco Jasperreports Server +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.1 and below TIBCO JasperReports Server - Community Edition versions 8.0.1 and below TIBCO JasperReports Server - Developer Edition versions 8.0.0 and below TIBCO JasperReports Server for AWS Marketplace...
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
MarkText 跨站脚本漏洞
MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...
GROWI 及更早跨站脚本漏洞
Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A security vulnerability in GROWI v4.2.19 and earlier versions, which stems from insufficient tag cleanup, allows remote attackers to execute arbitrary scripts on the web browsers of users accessing...
PT-2021-19681 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle version 3.10.3 Description: The issue allows remote attackers to execute arbitrary web script or HTML via the Description field, which is a Cross Site Scripting XSS issue. Recommendations: For Moodle version 3.10.3, update to a newer...
safe FME Server 跨站脚本漏洞
safe FME Server is an application from safe Canada. A web data conversion application. A cross-site scripting vulnerability exists in safe FME Server that could allow a remote attacker to inject arbitrary web script or HTML code execution by modifying the username...