CloudBees Jenkins Dashboard View Plugin Cross-Site Scripting Vulnerability (CNVD-2021-36583)

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CASAP Automated Enrollment Cross-Site Scripting Vulnerability (CNVD-2021-33521)

CASAP Automated Enrollment is an automated enrollment system organized by CASAP USA. The purpose of the project is to provide an automated enrollment system for CASAP to streamline the process for schools and make it more effective, efficient and easily retrievable. A cross-site scripting...

Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-8968)

Summary Cross-site scripting vulnerability in the IBM Jazz Foundation affects the following IBM Jazz based Applications: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQ...

Unisys Data Exchange Management Studio Cross-Site Scripting Vulnerability

Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...

Sipwise C5 NGCP CSC Cross-Site Scripting Vulnerability

Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site scripting vulnerability exists in Sipwise C5 NGCP CSC CEm39.3.1 version and prior versions, which stems from input passed via several parameters to several scripts...

Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=" onMouseOver="alert1;...

SUSE: Security Advisory (SUSE-SU-2016:2511-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross site scripting

A cross-site scripting XSS vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 and later QTS...

Mike Perham sidekiq cross-site scripting vulnerability

Mike Perham sidekiq is a Mike Perham open source application. Use threads to process many jobs simultaneously in the same process A cross-site scripting vulnerability exists in Mike Perham Sidekiq version 5.1.3 and earlier and 6.x series version 6.2.0 and earlier, which can be exploited by an...

FTAPI Cross-Site Scripting Vulnerability

FTAPI is an end-to-end encrypted file transfer and data room solution with unlimited file size. A cross-site scripting vulnerability exists in the "Background Image" upload function in the "Submit Box Template Editor" in FTAPI 4.0 - 4.10. An attacker can exploit this vulnerability by uploading an...

pki-core: Reflected XSS in getcookies?url= endpoint in CA

A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute...

GHSA-2V5F-23XC-V9QR ansi_up cross-site scripting vulnerability

The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...

Weseek GROWI 跨站脚本漏洞

GROWI is a team collaboration software. A stored cross-site scripting vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's browser by sending specially crafted content...

IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-14749)

IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-14750)

IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17778)

GLPI is an open source software for IT equipment management, developed using the PHP language. A cross-site scripting vulnerability exists in GLPI versions prior to 9.5.4 when a logged-in user is updating a work order, and no detailed vulnerability details are available at this time...

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-13473)

Aruba ClearPass Policy Manager is a network access control NAC solution. A stored cross-site scripting vulnerability in the ClearPass web administration interface in versions prior to Aruba ClearPass Policy Manager 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute...

CVE-2021-26678

A remote unauthenticated stored cross-site scripting XSS vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a...

CASAP Automated Enrollment Cross-Site Scripting Vulnerability

CASAP Automated Enrollment is an automated enrollment system organized by CASAP in the United States. The purpose of the project is to provide an automated enrollment system for CASAP to streamline the process for schools and make it more effective, efficient and easily retrievable. A cross-site...

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2021-13232)

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the web interface of Cisco Webex Meetings. The vulnerability stems from insufficient validation of user-supplied input in the web interface of the affected service. An...