Sipwise C5 NGCP CSC Cross-Site Scripting Vulnerability

Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site scripting vulnerability exists in Sipwise C5 NGCP CSC CEm39.3.1 version and prior versions, which stems from input passed via several parameters to several scripts...

Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=" onMouseOver="alert1;...

SUSE: Security Advisory (SUSE-SU-2016:2511-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross site scripting

A cross-site scripting XSS vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 and later QTS...

Mike Perham sidekiq cross-site scripting vulnerability

Mike Perham sidekiq is a Mike Perham open source application. Use threads to process many jobs simultaneously in the same process A cross-site scripting vulnerability exists in Mike Perham Sidekiq version 5.1.3 and earlier and 6.x series version 6.2.0 and earlier, which can be exploited by an...

FTAPI Cross-Site Scripting Vulnerability

FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...

pki-core: Reflected XSS in getcookies?url= endpoint in CA

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute...

GHSA-2V5F-23XC-V9QR ansi_up cross-site scripting vulnerability

The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...

Weseek GROWI 跨站脚本漏洞

GROWI is a team collaboration software. A stored cross-site scripting vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's browser by sending specially crafted content...

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-14750)

IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-14749)

IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...

GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17778)

GLPI is an open source software for IT equipment management, developed using the PHP language. A cross-site scripting vulnerability exists in GLPI versions prior to 9.5.4 when a logged-in user is updating a work order, and no detailed vulnerability details are available at this time...

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-13473)

Aruba ClearPass Policy Manager is a network access control NAC solution. A stored cross-site scripting vulnerability in the ClearPass web administration interface in versions prior to Aruba ClearPass Policy Manager 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute...

CVE-2021-26678

A remote unauthenticated stored cross-site scripting XSS vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a...

CASAP Automated Enrollment Cross-Site Scripting Vulnerability

CASAP Automated Enrollment is an automated enrollment system organized by CASAP in the United States. The purpose of the project is to provide an automated enrollment system for CASAP to streamline the process for schools and make it more effective, efficient and easily retrievable. A cross-site...

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2021-13232)

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the web interface of Cisco Webex Meetings. The vulnerability stems from insufficient validation of user-supplied input in the web interface of the affected service. An...

Security Updates for Microsoft Dynamics 365 Business Central (Feb 2021)

The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by a cross site scripting XSS vulnerability due to improper validation of user-supplied input. An authenticated attacker can exploit this, by entering specially crafted URLs in the Links a...

Micro Focus Application Performance Management Cross-Site Scripting Vulnerability

Micro Focus Application Performance Management is an application monitoring and management solution that lets you isolate any problems with all your applications - on-premise, cloud and mobile - in real time. A cross-site scripting vulnerability exists in Micro Focus Application Performance...

Cisco Finesse Cross-Site Scripting Vulnerability (NVD-C-2021-11018)

Cisco Finesse is a set of call center management software from the U.S. company Cisco Cisco. Cisco Finesse suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the WEB application, which can be exploited by an attacker to execute client...

Cisco RV110W/RV130/RV130W/RV215W Cross-Site Scripting Vulnerability

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A stored cross-site scripting vulnerability exists in the Web management interface of the Cisco...