PT-2021-16728 · Avaya · Avaya Aura Utility Services

Name of the Vulnerable Software and Affected Versions: Avaya Aura Utility Services versions 7.x Description: A privilege escalation issue was discovered in Avaya Aura Utility Services, potentially allowing a local user to execute specially crafted scripts as a privileged user. Recommendations: Fo...

WordPress plugin Admin Columns 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Hitachi Application Server Help vulnerable cross-site scripting

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Wordpress Welcart e-Commerce, which stems from...

TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting XSS Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is pron...

CVE-2021-29995

A Cross Site Request Forgery CSRF issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...

CVE-2021-29995

A Cross Site Request Forgery CSRF issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...

CVE-2021-29995

A Cross Site Request Forgery CSRF issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...

CloverDX Server Console 跨站请求伪造漏洞

CloverDX is an enterprise data management platform designed to solve demanding real-world data challenges. Design, automate, manipulate and publish data. A security vulnerability exists in CloverDX Server Console that stems from a cross-site request forgery CSRF issue in CloverDX Server Console...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-39688)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

CMS Made Simple 跨站脚本漏洞

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...

CVE-2021-20727

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...

PHP Factory MailForm01 跨站脚本漏洞

php factory MailForm01 is a free PHP mail form program from PHP Factory Japan that can be easily installed with just one file. A security vulnerability exists in MailForm01 versions prior to 2021-05-20, which stems from insufficient harmless handling of user-supplied data. An attacker can exploit...

PHP Factory Telop01 跨站脚本漏洞

php factory Telop01 is a simple PHP program from Japan's PHP Factory that displays subtitles, news tickers and headlines in flowing characters on the home page and any page. A security vulnerability exists in Telop01 1.0.1, which stems from insufficient sanitization of user-supplied data in the...

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

Design/Logic Flaw

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622

CVE-2021-32622 affects the Matrix-React-SDK (Matrix-React-SDK) prior to version 3.21.0. The vulnerability arises during file uploads: when a user previews an uploaded file, scripts embedded in the file can execute, but only for the local user and only after several user interactions to open the p...

Moodle 跨站脚本漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle, which can be exploited to inject and execute arbitrary HTML and script code in ...