4545 matches found
CVE-2021-20735
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins Delivery slip number plugin 3.0 series 1.0.10 and earlier, Delivery slip number csv bulk registration plugin 3.0 series 1.0.8 and earlier, and Delivery slip number mail plugin 3.0 series 1.0.8 and earlier allows remote attackers to injec...
CVE-2021-20734
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors...
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
CVE-2021-20723
Reflected cross-site scripting vulnerability in MailForm01 free edition versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 allows a remote attacker to inject an arbitrary script via unspecified vectors...
FusionPBX 跨站脚本漏洞
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX 4.5.7, which allows remote malicious users to...
PT-2021-19681 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle version 3.10.3 Description: The issue allows remote attackers to execute arbitrary web script or HTML via the Description field, which is a Cross Site Scripting XSS issue. Recommendations: For Moodle version 3.10.3, update to a newer...
safe FME Server 跨站脚本漏洞
safe FME Server is an application from safe Canada. A web data conversion application. A cross-site scripting vulnerability exists in safe FME Server that could allow a remote attacker to inject arbitrary web script or HTML code execution by modifying the username...
VulnCheck KEV: CVE-2013-7389
Multiple cross-site scripting XSS vulnerabilities in D-Link DIR-645 Router Rev. A1 with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceid parameter to parentalcontrols/bind.php, 2 RESULT parameter to info.php, or 3 receiver...
CVE-2020-23762
Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...
CVE-2021-20689
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20691
Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20686
Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20684
Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors...
BaserCMS JavaScript Input Improper Neutralization Vulnerability (CNVD-2021-23789)
BaserCMS is an open source enterprise-level content management system cms. A JavaScript Input Improper Neutralization vulnerability exists in the page editing feature in BaserCMS versions prior to 4.4.5. A remote authenticated attacker can exploit this vulnerability to inject arbitrary scripts...
CVE-2021-20628
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox...
Tecnoteca openMAINT 跨站脚本漏洞
Tecnoteca openMAINT is an application from the Italian company Tecnoteca. It is based on the CMDBuild software, from which it inherits basic functionality and configuration mechanisms. A security vulnerability exists in openMAINT 2.1-3.3-b, which can be exploited by remote attackers to inject...
Batflat Cross-Site Scripting Vulnerability (CNVD-2021-18015)
Batflat is a simple, lightweight content management system CMS. A cross-site scripting vulnerability exists in Galleries in Batflat 1.3.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via field names...
CVE-2021-27679
Cross-site scripting XSS vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...
OESA-2021-1068 python-lxml security update
The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...
CVE-2021-20663
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4705 and earlier Movable Type Advanced 7 Series, Movable Type 6.7.5 and earlier Movable Type 6.7 Series, Movable Type Premium 1.39 and...