Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...

JVN#64869876: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

WonderLink Yomi-Search 跨站脚本漏洞

WonderLink Yomi-Search is a WonderLink application. A multi-purpose search engine. A security vulnerability exists in Yomi-Search Ver4.22, which can be exploited to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search...

WonderLink Yomi-Search 跨站脚本漏洞

WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During the meeting of Committee for authorizing the disclosure of unresolv...

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

Kagemai 跨站脚本漏洞

SourceForge Organization kagemai is an application of the Japanese open source SourceForge Organization . A Web-based bug tracking system BTS. Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...

JVN#97370614: MagazinegerZ vulnerable to cross-site scripting

MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...

Zen Cart Cross-Site Scripting Vulnerability (CNVD-2021-22861)

Zen Cart is open source, free mall system for building professional online stores. A reflective cross-site scripting vulnerability exists in Zen Cart 1.5.6d. An attacker can execute malicious script via the includes/templates/templatedefault/common/tplmainpage.php or...

Cybozu Office 跨站脚本漏洞

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in the address book in Cybozu Office. The vulnerability can be exploited to execute arbitrary script in a logged-in user's web browser...

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...

Vulnerability fixed in GNU git

GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...

DEBIAN-CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

WESEEK GROWI cross-site scripting vulnerability (CNVD-2021-16350)

GROWI is a team collaboration software. A stored cross-site scripting vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's browser by sending specially crafted content...

Git 后置链接漏洞

Git is a free, open source distributed version control system. Git suffers from a back-linking vulnerability that allows an attacker to clone to a case-insensitive filesystem using a specially crafted repository that leads to the execution of just-checked scripts...

Aruba Networks AirWave Management Platform Cross-Site Scripting Vulnerability

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. A reflective cross-site scripting vulnerability exists in the web...

OESA-2021-1068 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is a network access control NAC solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...