GROWI 及更早跨站脚本漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A security vulnerability in GROWI v4.2.19 and earlier versions, which stems from insufficient tag cleanup, allows remote attackers to execute arbitrary scripts on the web browsers of users accessing...

CVE-2021-28901

Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...

PT-2021-10278 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.20 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Description field in the Add New Forum page. This can be achieved by doing an authenticated POST HTTP request to...

PT-2021-10277 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.20 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Title field in the Add New Forum page. This can be achieved by doing an authenticated POST HTTP request to...

CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVE-2021-20809

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...

CVE-2021-20814

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, and Movable Type Premium 1.44 and earlier allows remote...

CVE-2021-20815

Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...

CVE-2021-20771

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20774

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20792

Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors...

VulnCheck KEV: CVE-2016-5165

Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...

CVE-2018-17862

The CVE describes a cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori. An attacker can inject arbitrary web script via the sys_jdbc parameter to the path /TestJDBC_Web/test2. Affected software is SAP J2EE Engine/7.01/Fiori; the issue is tied to improper handling/validation of...

QSAN Storage Manager 跨站脚本漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technology Corporation QSAN. A security vulnerability exists in QSAN Storage Manager that stems from the title page parameter not filtering special characters. A remote attacker can inject JavaScript and launch a reflective XSS attack t...

CVE-2021-25204

Cross-site scripting XSS vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedbackprocess.php...

CVE-2021-25197

Cross-site scripting XSS vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to contentmanagementsystem\admin\newcontent.php...

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

CVE-2020-24145

Cross Site Scripting XSS vulnerability in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action...

CVE-2021-20742

Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...

CVE-2021-20741

Cross-site scripting vulnerability in Hitachi Application Server Help Hitachi Application Server V10 Manual Windows version 10-11-01 and earlier and Hitachi Application Server V10 Manual UNIX version 10-11-01 and earlier allows a remote attacker to inject an arbitrary script via unspecified vecto...