4545 matches found
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Cross-site scripting (XSS) vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output o...
MarkText cross-site scripting vulnerability
MarkText is a simple and elegant Markdown editor with a focus on speed and usability. A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using the javascript: scheme in documents. A remote attacker could exploit this...
Liferay Portal and Liferay DXP cross-site scripting vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
PT-2022-11938 · Synology · Synology DiskStation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.0.1-42218-2. Description: The issue is related to the improper neutralization of special elements in output used by a downstream component, also known as an 'Injection' vulnerability, in the...
VulnCheck KEV: CVE-2013-0322
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...
CVE-2022-22156
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...
Ericsson CodeChecker cross-site scripting vulnerability
CodeChecker is an analysis tool, defect database and viewer extension for Clang Static Analyzer and Clang Tidy. A security vulnerability exists in Ericsson CodeChecker before 6.18.0 that allows remote attackers to inject arbitrary web script or HTML via POST JSON data from the /CodeCheckerService...
CVE-2021-40093
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions...
SquaredUp cross-site scripting vulnerability
SquaredUp is a web service from SquaredUp UK that provides data monitoring capabilities for cloud environments. A cross-site scripting vulnerability exists in Image Tile in SquaredUp for SCOM version 5.2.1.6654, which can be exploited by remote attackers to inject arbitrary web scripts or HTML...
CVE-2021-20840
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors...
PT-2021-14292 · Rwtxt · Rwtxt
Name of the Vulnerable Software and Affected Versions: rwtxt versions prior to v1.8.6. Description: The issue allows a remote attacker to inject an arbitrary script via unspecified vectors, which can lead to cross-site scripting. Recommendations: For versions prior to v1.8.6, update to version...
CVE-2021-26844
A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe...
Cross-Site Script Inclusion (XSSI)
Cross-Site Script Inclusion (XSSI) is the inclusion of a remote page. Among other things, this vulnerability makes it possible to bypass the browser's Same-Origin Policy mechanism. By forcing a victim to navigate to a malicious site, rather than making a direct request with JavaScript to the desired...
UBUNTU-CVE-2021-37958
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page...
UBUNTU-CVE-2021-40926
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...
Spotweb cross-site scripting vulnerability
Spotweb is a PHP-based Spotnet client that follows the Spotnet protocol from the Spotweb team. A cross-site scripting vulnerability exists in Spotweb 1.5.1 and below, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the newpassword2 parameter...
getID3 cross-site scripting vulnerability
getID3 is used to extract useful information from MP3 or other media files. A cross-site scripting vulnerability in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...
Cybozu Remote Service cross-site scripting vulnerability
Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. A cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to inject arbitrary scripts...