6727 matches found

ATTACKERKB
added 2022/07/20 6:15 p.m. · 1 view

CVE-2022-35569

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...

4.8 CVSS · 6.1 AI score · 0.00431 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/07/14 3:15 p.m. · 3 views

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

6.1 CVSS · 5.8 AI score · 0.00462 EPSS
Exploits 0 · References 2
OSV
added 2022/07/14 3:15 p.m. · 2 views

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

6.1 CVSS · 6.4 AI score · 0.00462 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/07/14 12:0 a.m. · 5 views

PT-2022-22004 · I3Geo · I3Geo

Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was discovered via the request token.php file, which suggests it may be related to the...

6.1 CVSS · 6.2 AI score · 0.0225 EPSS
Exploits 1 · References 8
CNNVD
added 2022/07/14 12:0 a.m. · 7 views

Grafana Cross-Site Scripting Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana suffers from a cross-site scripting vulnerability that stems from insufficient...

8.7 CVSS · 8.2 AI score · 0.68603 EPSS
Exploits 0 · References 11
CNNVD
added 2022/07/14 12:0 a.m. · 6 views

Veeam Management Pack for Microsoft System Center Cross-Site Scripting Vulnerability

Veeam Management Pack for Microsoft System Center is an ultra-comprehensive and intuitive extension for System Center from Veeam USA. It supports application-to-host management of VMware vSphere, Microsoft Hyper-V and Veeam Backup & Replication. A security vulnerability exists in Veeam Management...

6.1 CVSS · 6.6 AI score · 0.00462 EPSS
Exploits 0 · References 2
CNNVD
added 2022/07/13 12:0 a.m. · 5 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket, which stems from its component audit/class.audit.php that allows attackers to execute arbitrary web script or HTML via a crafted SVG file...

5.4 CVSS · 6.2 AI score · 0.01232 EPSS
Exploits 0 · References 4
OSV
added 2022/07/12 9:15 p.m. · 1 view

CVE-2022-32247

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/07/12 9:15 p.m. · 2 views

CVE-2022-32247

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.1 CVSS · 5.7 AI score · 0.00679 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2022/07/12 9:15 p.m. · 20 views

CVE-2022-32247

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.1 CVSS · 0.00679 EPSS
Exploits 0 · References 2
Prion
added 2022/07/12 9:15 p.m. · 12 views

Design/Logic Flaw

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

4.3 CVSS · 6.3 AI score · 0.00679 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/07/12 9:15 p.m. · 10 views

Cross site scripting

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...

4.3 CVSS · 5.9 AI score · 0.00568 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/07/12 8:27 p.m. · 62 views

CVE-2022-32247

CVE-2022-32247 affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. A cross-site scripting vulnerability arises from improper sanitization of user inputs during network interactions, allowing an unauthenticated attacker to view or modify information and causi...

6.1 CVSS · 6.2 AI score · 0.00679 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/07/12 8:27 p.m. · 22 views

CVE-2022-32247

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.5 AI score · 0.00679 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/07/07 9:55 p.m. · 9 views

CVE-2022-31029 Authenticated XSS in Pi-hole AdminLTE

AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like alert"XSS" in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually...

5.9 CVSS · 5.8 AI score · 0.00393 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2022/07/07 12:0 a.m. · 26 views

Oracle Linux 9 : thunderbird (ELSA-2022-4589)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-4589 advisory. 91.9.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires Orabu...

9.8 CVSS · 7.4 AI score · 0.01005 EPSS
Exploits 3 · References 9
Cvelist
added 2022/07/06 8:30 p.m. · 20 views

CVE-2022-20815 Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to...

6.1 CVSS · 6.2 AI score · 0.00656 EPSS
Exploits 0 · References 1
CNNVD
added 2022/07/06 12:0 a.m. · 3 views

EidoGo Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EidoGo, which can be exploited by an attacker to execute arbitrary web script or HTML...

5.4 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits 1 · References 3
Hacker One
added 2022/07/05 6:30 p.m. · 19 views

U.S. Dept Of Defense: RXSS on ███████

I found Reflected XSS on https://███/contact-us/.YsSAGCNBzaQ. The parameters in the contact form are not properly filtered, leading to possible insertion of " characters and javascript execution Impact Perform any action within the application that the user can perform. View any information that...

6.3 AI score
Exploits 0
CNNVD
added 2022/07/05 12:0 a.m. · 4 views

Zoo Management System Cross-Site Scripting Vulnerability

PHPGURUKUL Zoo Management System is a zoo management system by Phpgurukul team. A cross-site scripting vulnerability exists in Zoo Management System v1.0, which stems from a lack of checksum filtering of user-supplied data and output in the Add Category feature. The vulnerability can be exploited...

5.4 CVSS · 5.6 AI score · 0.00682 EPSS
Exploits 2 · References 4