Bagecms 跨站脚本漏洞

BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...

CVE-2023-33335

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

Cross site scripting

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

Selenium Grid 跨站脚本漏洞

Selenium Grid is a smart proxy server for the Selenium community. It is easy to run tests in parallel on multiple machines. A security vulnerability exists in Selenium Grid version v3.141.59, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...

Sophos iView 跨站脚本漏洞

Sophos iView is a solution from Sophos UK. A security vulnerability exists in Sophos iView that stems from the presence of cross-site scripting XSS, which allows the execution of arbitrary scripts...

Aruba Networks ArubaOS 跨站脚本漏洞

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from a stored cross-site scripting XSS attack that allo...

CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

SUSE-SU-2023:2668-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script bsc1206337...

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source CRM system for churches. Church CRM version v4.5.3 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script ...

The software for managing identities and access control in Keycloak has vulnerabilities. This vulnerability stems from the lack of name filtering during the generation of a 404 HTTP error page. As a result, attackers can execute any desired script.

The vulnerability of the Keycloak identity and access management software lies in the absence of name filtering during the generation of a 404 HTTP error page. As a result, the name of the non-existent webpage is passed unchanged to the generated error page. Exploiting this vulnerability allows a...

DzzOffice 跨站脚本漏洞

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version...

JVN#97818024: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

Pleasanter 跨站脚本漏洞

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter version 1.3.39.2 and prior versions. An attacker can exploit this vulnerability to execute arbitrary scripts on a logged-in user's web browser...

CVE-2023-34657

A stored cross-site scripting XSS vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the webrecordnum parameter...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-54543)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...

Wolters Kluwer TeamMate+ 跨站脚本漏洞

Wolters Kluwer TeamMate+ is a financial audit management software from Wolters Kluwer, a Dutch company. A security vulnerability exists in Wolters Kluwer TeamMate+ version 35.0.11.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...

Bludit 代码问题漏洞

Bludit is an open source lightweight blog content management system CMS. A code issue vulnerability exists in Bludit v3.14.1, which stems from an arbitrary file upload vulnerability in the component /admin/new-content that allows an attacker to execute arbitrary web script or HTML by uploading a...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comliferaylayoutadminwebportletGroupPagesPortletbackURL parameter in the SEO configuration process. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input...