237 matches found
Nortek Control Linear eMerge E3-Series 跨站脚本漏洞
The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in several versions of the Nortek Control Linear eMerge...
PT-2022-22113 · Yii2 Gii · Yii2 Gii
Name of the Vulnerable Software and Affected Versions: Yii2 Gii versions through 2.2.4 Description: The issue allows stored XSS by injecting a payload into any field. Some fields, such as Message Category in Model Generator, CRUD Generator or Form Generator, and Author Name in Extension Generator...
The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2022-3824
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Bodhi 跨站脚本漏洞
Bodhi is a web-based system used to manage the software update release process for Fedora. A security vulnerability exists in Bodhi version 5.6.1, which can be exploited by an attacker to perform cross-site scripting attacks...
USN-5585-1 jupyter-notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...
Cross site script
Description 1.Create a new recipe. 2.Edit this recipe and add this payload 3.Save the recipe and reload the recipe page...
GHSA-9XFC-J5MF-9W5P JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion XSSI attack...
CVE-2021-20843
The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...
Mozilla Firefox Security Advisory (MFSA2015-122) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-20797
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...
Cross site scripting
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...
CVE-2021-20797
CVE-2021-20797 is a cross-site script inclusion vulnerability in the Cybozu Remote Service management UI (CWE-829) affecting Cybozu Remote Service versions around 3.1.8 (and 3.1.9 per related documentation). The issue allows a remote authenticated attacker to obtain information stored in the prod...
CVE-2021-20797
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...
JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...
jforum 2.7.0 Cross Site Scripting
hi, I found a vulnerability in the jforum 2.7.0. It is a storage cross site script vulnerability. The place is the user's profile - signature. The technique of the vulnerability is the same as that described in this article "STORED CROSS SITE SCRIPTING IN BBCODE"...
CVE-2021-22936
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...
CVE-2021-22936
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2021-36214
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...