Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-13473)

Aruba ClearPass Policy Manager is a network access control NAC solution. A stored cross-site scripting vulnerability in the ClearPass web administration interface in versions prior to Aruba ClearPass Policy Manager 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute...

Aruba ClearPass Policy Manager 跨站脚本漏洞

Aruba ClearPass Policy Manager is a network access control NAC solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...

CVE-2021-20066

A flaw was found in jsdom. JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVE-2021-1351

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

Code injection

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVE-2021-20066

CVE-2021-20066 affects the JSDom project and describes an issue where local resources can be loaded improperly, allowing a malicious web page to manipulate local files when script execution is enabled. The core description across sources states that loading of local resources can bypass access re...

JSDom Security Vulnerabilities

A security vulnerability exists in JSDom that stems from incorrectly allowing local resources to be loaded, which allows local files to be manipulated by a malicious web page when script execution is enabled...

Vulnerabilities fixed in Xerox WorkCentre

Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...

CentOS 8 : libreoffice (CESA-2020:1598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1598 advisory. - libreoffice: Remote resources protection module not applied to bullet graphics CVE-2019-9849 - libreoffice: Insufficient URL validation allowing...

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...

多款 Cisco 产品跨站脚本漏洞

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A stored cross-site scripting vulnerability exists in the Web management interface of the Cisco...

CuteSoft Cute Editor Cross-Site Scripting Vulnerability

CuteSoft Cute Editor is a U.S. CuteSoft company can be used to edit PHP and ASP HTML editor. A cross-site scripting vulnerability exists in Cute Editor for ASP.NET version 6.4, which allows remote attackers to execute scripts in the victim's web browser using specially crafted URLs...

CVE-2020-26768

Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting XSS vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...

Cross site scripting

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting XSS caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...

CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting XSS caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...

XSS in HtmlSanitizer

Impact If you have explicitly allowed the tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the tag so there is no risk if you have not explicitly allowed the tag. Patches The problem has been fixed in version 5.0.372...

Cross site scripting

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting XSS vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security...