AXIS 207W Cross-Site Scripting Vulnerability
The AXIS 207W is a web camera from AXIS Sweden. The AXIS 207W network camera has a reflected cross-site scripting (XSS) vulnerability in the Web Management Portal, which can be exploited by a remote attacker to execute arbitrary...
SUSE CVE-2005-1937
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary JavaScript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...
SUSE CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary JavaScript by injecting RDF data into the user's localstore.rdf file...
SUSE CVE-2007-0994
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...
SUSE CVE-2008-3835
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...
SUSE CVE-2009-1838
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
SUSE CVE-2010-3773
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...
SUSE CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
SUSE CVE-2017-12061
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...
CVE-2022-4286
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session...
The vulnerability in the firmware of Moxa SDS-3008 Ethernet switches lies in the insufficient protection of the web page structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability in the firmware of the Moxa SDS-3008 Ethernet switch is related to insufficient protection of the web page structure during the processing of the Switch Location field in the Switch Information section. Exploiting this vulnerability allows an attacker to...
The vulnerability in the firmware of Moxa SDS-3008 Ethernet switches lies in the insufficient protection of the web page structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability in the firmware of the Moxa SDS-3008 Ethernet switch is related to insufficient protection of the web page structure when processing the Switch Description field in the Switch Information section. Exploiting this vulnerability allows an attacker to execute...
Tasmota Cross-Site Scripting Vulnerability
Tasmota is a replacement firmware for the ESP8266 with easy configuration using the webUI, OTA updates, automation using timers or rules, scalability, and full local control over MQTT, HTTP, serial or KNX. A security vulnerability exists in Tasmota firmware version 6.5.0 that could allow a remote...
DEBIAN-CVE-2022-3033
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...
CVE-2022-43754
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed...
GHSA-43XG-8WMJ-CW8H Apache Spark vulnerable to Log Injection
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the logs, which would be returned in logs rendered in the UI...
Ragic Cross-Site Scripting Vulnerability
Ragic is a No Code enterprise e-enablement tool from China Immediate Technology Ragic. A cross-site scripting vulnerability exists in versions of Ragic prior to 2022/06/28, which stems from insufficient filtering of special characters on the report generation page and can be exploited by a remote...
CVE-2022-40178
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
PT-2022-24263 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions prior to 10.8.1
Description: The issue allows a remote attacker to potentially execute arbitrary JavaScript code in a victim's browser by convincing the user to click on a crafted link. This is due to a reflect...
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition, related to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...