asrs.org Cross Site Scripting vulnerability OBB-2120682

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

elearning.cpag.org.uk Cross Site Scripting vulnerability OBB-2120628

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

wizshot.com Cross Site Scripting vulnerability OBB-2120575

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2021-27822

A persistent cross site scripting XSS vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field...

klamathcc.edu Cross Site Scripting vulnerability OBB-2119049

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

impldoll.com Cross Site Scripting vulnerability OBB-2119009

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Security Updates for Microsoft Dynamics NAV (August 2021)

The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by a Cross-site Scripting Vulnerability. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenabl...

Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities

Microsoft Patch Tuesday – August 2021 Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release. Critical Microsoft Vulnerabilities Patched CVE-2021-36942 - Windows...

CVE-2021-33702

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets...

CVE-2021-36803

Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product...

Cross-site Scripting (XSS)

curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser when used as a template library due to lack of user input sanitization...

CVE-2021-25790

Multiple stored cross site scripting XSS vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number...

CVE-2020-7390

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 components shipped with Syracuse...

CVE-2021-22522

Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data...

CVE-2021-26082

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability...

Advantech R-SeeNet telnet_form.php Reflected XSS vulnerability

Summary Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can...

CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

Rukovoditel 跨站脚本漏洞

Rukovoditel is a free web-based open source project management application. A stored cross-site scripting vulnerability exists in the "User Access Groups" feature in Rukovoditel version 2.7.2, which can be exploited to execute arbitrary web script or HTML via the 'Name' parameter...

OPENSUSE-SU-2021:0974-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

IrisNext 跨站脚本漏洞

IRIS IrisNext is a document management solution from IRIS Luxembourg designed to manage, protect and use your company's information. A security vulnerability exists in IrisNext that allows an authenticated or threatened user to inject malicious JavaScript into the application's folder filenames t...