CVE-2021-20814

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, and Movable Type Premium 1.44 and earlier allows remote...

CVE-2021-20815

Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...

CVE-2021-20771

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20774

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20792

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors...

VulnCheck KEV: CVE-2016-5165

Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...

CVE-2018-17862

The CVE describes a cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori. An attacker can inject arbitrary web script via the sys_jdbc parameter to the path /TestJDBC_Web/test2. Affected software is SAP J2EE Engine/7.01/Fiori; the issue is tied to improper handling/validation of...

QSAN Storage Manager 跨站脚本漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technology Corporation QSAN. A security vulnerability exists in QSAN Storage Manager that stems from the title page parameter not filtering special characters. A remote attacker can inject JavaScript and launch a reflective XSS attack t...

CVE-2021-25204

Cross-site scripting XSS vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedbackprocess.php...

CVE-2021-25197

Cross-site scripting XSS vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to contentmanagementsystem\admin\newcontent.php...

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

CVE-2020-24145

Cross Site Scripting XSS vulnerability in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action...

CVE-2021-20742

Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...

CVE-2021-20741

Cross-site scripting vulnerability in Hitachi Application Server Help Hitachi Application Server V10 Manual Windows version 10-11-01 and earlier and Hitachi Application Server V10 Manual UNIX version 10-11-01 and earlier allows a remote attacker to inject an arbitrary script via unspecified vecto...

CVE-2021-20734

Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVE-2021-20735

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins Delivery slip number plugin 3.0 series 1.0.10 and earlier, Delivery slip number csv bulk registration plugin 3.0 series 1.0.8 and earlier, and Delivery slip number mail plugin 3.0 series 1.0.8 and earlier allows remote attackers to injec...

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

CVE-2021-20723

Reflected cross-site scripting vulnerability in MailForm01 free edition versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 allows a remote attacker to inject an arbitrary script via unspecified vectors...

FusionPBX 跨站脚本漏洞

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX 4.5.7, which allows remote malicious users to...

VulnCheck KEV: CVE-2013-7389

Multiple cross-site scripting XSS vulnerabilities in D-Link DIR-645 Router Rev. A1 with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceid parameter to parentalcontrols/bind.php, 2 RESULT parameter to info.php, or 3 receiver...