CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

Rukovoditel 跨站脚本漏洞

Rukovoditel is a free web-based open source project management application. A stored cross-site scripting vulnerability exists in the "User Access Groups" feature in Rukovoditel version 2.7.2, which can be exploited to execute arbitrary web script or HTML via the 'Name' parameter...

OPENSUSE-SU-2021:0974-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16 This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting XSS vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...

IrisNext 跨站脚本漏洞

IRIS IrisNext is a document management solution from IRIS Luxembourg designed to manage, protect and use your company's information. A security vulnerability exists in IrisNext that allows an authenticated or threatened user to inject malicious JavaScript into the application's folder filenames t...

CVE-2020-36416

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module...

CVE-2020-36409

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module...

CVE-2020-36414

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL slug" or "Extra" fields under the "Add Article" feature...

PHPList Cross-Site Scripting Vulnerability (CNVD-2021-48871)

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "List Description" field under the "Edit List" module...

Machform Cross-Site Scripting Vulnerability

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...

osTicket Cross-Site Scripting Vulnerability

osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/class.queue.php...

CVE-2021-32683 XSS through createObjectURL

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...

jQuery 1.4.2 <= 1.11.0 XSS Vulnerability

jQuery is prone to a cross-site scripting XSS vulnerability via vectors related to use of the text method inside after. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

SUSE: Security Advisory (SUSE-SU-2019:2092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-36007

AppCMS 2.0.101 in /admin/template/tplapp.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users...

CVE-2021-20723

Reflected cross-site scripting vulnerability in MailForm01 free edition versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 allows a remote attacker to inject an arbitrary script via unspecified vectors...

WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-37197)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in the GiveWP...

Emerson Rosemount X-STREAM Gas Analyzer Cross-Site Scripting Vulnerability

The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A cross-site scripting...

BoostIO Boostnote Cross-Site Scripting Vulnerability

BoostIO Boostnote is a Markdown editor that supports multiple platforms. Boostnote 0.12.1 suffers from a cross-site scripting vulnerability that stems from an export to PDF containing an opportunity for XSS attacks. No detailed vulnerability details are provided at this time...

CVE-2017-17678

BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting XSS. A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2021-34744)

TeamCity is a Java-based build management and continuous integration server from JetBrains. A stored cross-site scripting vulnerability exists in several pages in versions of JetBrains TeamCity prior to 2020.2.3. Detailed vulnerability details are not available at this time...