CVE-2021-41086

jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...

CVE-2021-41086

CVE-2021-41086 affects the jsuites project. The vulnerability is a DOM-based XSS triggered when clipboard content is pasted into an HTML editor, because part of the clipboard content is written directly to innerHTML. The attacker must entice the user to copy arbitrary content and paste it. Impact...

Jsuites 跨站脚本漏洞

Jsuites is a set of lightweight, commonly used javascript web components. A cross-site scripting vulnerability exists in jsuites, which stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...

Description of the update package for Communications Server 2007 R2, Web Components: March, 2011

Describes a bug that is resolved in the update package for Office Communications Server 2007 R2, Web Components that is dated March 2011.SummaryThis article describes the issue that is fixed in the update package for Microsoft Office Communications Server 2007 R2, Web Components that is dated...

CVE-2019-5314

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting CRLF injection and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability...

Crlf injection

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting CRLF injection and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability...

Description of the update package for Communications Server 2007 R2, Web Components: September 2010

Describes a bug that is resolved in the update package for Office Communications Server 2007 R2, Web Components that is dated September 2010.SummaryThis article describes the issue that is fixed in the update package for Microsoft Office Communications Server 2007 R2, Web Components that is dated...

MS09-043: Vulnerabilities in Microsoft Office Web Components could allow remote code execution

Resolves vulnerabilities in Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page.INTRODUCTIONMicrosoft has released security bulletin MS09-043. To view the complete security bulletin, visit one of the following Microsoft Web sites:Home...

MS09-043: Description of the security update for Office 2003 Web Components and Office XP Web Components in Office 2003: August 11, 2009

MS09-043: Description of the security update for Office 2003 Web Components and Office XP Web Components in Office 2003: August 11, 2009 This update was rereleased to address a problem in which the previous version of the update cannot be installed if Access Runtime 2003 is installed. If the...

MS09-043: Description of the security update for Office 2003 Web Components for the 2007 Office system: August 11, 2009

MS09-043: Description of the security update for Office 2003 Web Components for the 2007 Office system: August 11, 2009 INTRODUCTION Microsoft has released security bulletin MS09-043. To view the complete security bulletin, visit one of the following Microsoft Web sites: Home...

MS12-060: Description of the security update for Office 2003 and Office 2003 Web Components: August 14, 2012

MS12-060: Description of the security update for Office 2003 and Office 2003 Web Components: August 14, 2012 View products that this article applies to.Microsoft has released security bulletin MS12-060. You can view the complete security bulletin by going to one of the following Microsoft website...

Microsoft Lync Server Multiple Vulnerabilities (3089952)

This host is missing an important security update according to Microsoft Bulletin MS15-104. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Cross site scripting

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."...

CVE-2014-4070

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."...

CVE-2014-4070

CVE-2014-4070 is an XSS vulnerability affecting Microsoft Lync Server 2013 (Web Components Server). The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL, stemming from insufficient input sanitization. Multiple connected sources corroborate this, listing Lync ...

CVE-2014-1823

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

CVE-2014-1823

CVE-2014-1823 is an XSS vulnerability affecting Microsoft Lync Server 2010 and 2013, specifically in the Web Components Server. A crafted URL containing a valid meeting ID can be used to inject arbitrary web script or HTML remotely. Multiple connected advisories corroborate the issue as an inform...

CVE-2014-1823

Cross-site scripting XSS vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

Description of the update package for Lync Server 2010, Web Components Server: April 2011

Describes the bugs that are resolved in the April, 2011 cumulative update package for Lync Server 2010, Web Components Server.SummaryThis article describes the issues that are fixed in the update package for Microsoft Lync Server 2010, Web Components Server that is dated April 2011.This article...

Microsoft Lync Server 2010 reachLocale Parameter XSS

According to its self-reported version number, the version of Web Components Server a component of Microsoft Lync 2010 has a cross-site scripting vulnerability. Input passed to the 'reachLocale' parameter of ReachJoin.aspx is not properly sanitized. An attacker could exploit this by tricking a us...