241 matches found
CVE-2022-29359
CVE-2022-29359 affects School Club Application System v0.1. It describes a stored XSS vulnerability in /scas/?page=clubs/application_form&id=7 (or id=7) where an attacker can inject a crafted payload via the firstname parameter to execute arbitrary web scripts/HTML. The issue is confirmed across ...
CVE-2020-22719
Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field...
CVE-2020-18259
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...
CVE-2020-23041
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the list and download exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...
CVE-2020-20691
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...
CVE-2020-19266
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
EyouCms Cross-Site Scripting Vulnerability
EyouCms is a ThinkPHP-based open source content management system (CMS) from Hainan Zanzan Network Technology Co. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48496)
CMS Made Simple (CMSMS) is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48502)
CMS Made Simple (CMSMS) is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
CVE-2020-23209
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...
CVE-2020-23214
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module...
Cross site scripting
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...
Cross-site Scripting (XSS)
squirrelmail is vulnerable to cross-site scripting (XSS). The vulnerability exists as a remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions (MIME) message that, when opened by a victim, would lead to arbitrary web script execution in the context of...
Cross site scripting
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DO...
Cross-Site Scripting Vulnerability in Multiple TIBCO Products
TIBCO Spotfire Automation Services are products of TIBCO Software, Inc. Spotfire Automation Services is a suite of tools for running automated analyses; Spotfire Professional is a comprehensive analytics platform for all aspects of business analysts and users. Spotfire Professional is a...
ZOHO ManageEngine ServiceDesk Plus HTML Injection Vulnerability
ZOHO ManageEngine ServiceDesk is a web-based help desk and asset management software suite from the US company ZOHO. An HTML injection vulnerability exists in ManageEngine ServiceDesk Plus 9.2 and prior versions, which stems from the program's inability to adequately filte...
Microsoft Internet Explorer Arbitrary Web Script Execution Vulnerability
Microsoft Internet Explorer is a popular web browser introduced by Microsoft and bundled with the Windows operating system. A security mechanism bypass vulnerability exists in Microsoft Internet Explorer 11 that could allow a remote attacker to execute arbitrary web scripts with privileges via a...
Fortinet FortiOS HTML Injection Vulnerability
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate platform, which provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. An HTML injection vulnerability exist...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.1.0 security update
An update for the GateIn Portal component in Red Hat JBoss Portal 6.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
CentOS Update for squirrelmail CESA-2012:0103 centos4
The remote host is missing an update for the...