Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

PT-2022-11938 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 7.0.1-42218-2 Description: The issue is related to the improper neutralization of special elements in output used by a downstream component, also known as an 'Injection' vulnerability, in the...

VulnCheck KEV: CVE-2013-0322

Cross-site scripting XSS vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...

Ericsson CodeChecker 跨站脚本漏洞

Codechecker is an analysis tool, defect database and viewer extension for Clang Static Analyzer and Clang Tidy. A security vulnerability exists in Ericsson CodeChecker before 6.18.0 that allows remote attackers to inject arbitrary web script or HTML via POST JSON data from the /CodeCheckerService...

CVE-2021-40093

A cross-site scripting XSS vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions...

Squaredup 跨站脚本漏洞

Squaredup is a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments. a cross-site scripting vulnerability exists in Image Tile in SquaredUp for SCOM version 5.2.1.6654, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML...

CVE-2021-20840

Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors...

PT-2021-14292 · Rwtxt · Rwtxt

Name of the Vulnerable Software and Affected Versions: rwtxt versions prior to v1.8.6 Description: The issue allows a remote attacker to inject an arbitrary script via unspecified vectors, which can lead to cross-site scripting. Recommendations: For versions prior to v1.8.6, update to version...

CVE-2021-26844

A cross-site scripting XSS vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe...

UBUNTU-CVE-2021-37958

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page...

UBUNTU-CVE-2021-40926

Cross-site scripting XSS vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team.A cross-site scripting vulnerability exists in Spotweb 1.5.1 and below, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML via the newpassword2 parameter...

GetId3 跨站脚本漏洞

GetId3 is used to extract useful information from Mp3 or other media files. A cross-site scripting vulnerability in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...

Cybozu Remote Service 跨站脚本漏洞

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to inject arbitrary scripts...

Cybozu Remote Service 跨站脚本漏洞

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to inject arbitrary scripts...

CVE-2021-28901

Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...

PT-2021-10278 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.20 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Description field in the Add New Forum page. This can be achieved by doing an authenticated POST HTTP request to...

PT-2021-10277 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.20 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Title field in the Add New Forum page. This can be achieved by doing an authenticated POST HTTP request to...

CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVE-2021-20809

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...