Siemens RUGGEDCOM ROS Improper Control of Generation of Code (CVE-2022-34663)

Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device. This plugin only works wit...

Exploit for Code Injection in Microsoft

It is an offensive tool for web exploitation. The repository con...

Pegasystem PEGA Platform 跨站脚本漏洞

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management.Pegasystem PEGA Platform has a...

The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...

CVE-2020-26225

CVE-2020-26225 affects PrestaShop Product Comments. The vulnerability is a reflected cross-site scripting (XSS) flaw in the module’s handling of links, allowing an attacker to inject and execute malicious code in a user’s browser through a malicious link. Impact is described as enabling code exec...

The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite allows a hacker to execute HTML code.

The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite antivirus tool exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code into the user’s...

Atlassian Universal Plugin Manager Cross-Site Scripting Vulnerability

Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site scripting vulnerability exists in the NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager versions prior to 2.22.9. A remote...

The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows a intruder to inject arbitrary Web or HTML code.

The vulnerability of the McAfee VirusScan Enterprise antivirus software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...

The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the software system for managing enterprise assets in IBM Maximo Asset Management exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted U...

The vulnerability of WebSphere Application Server application servers allows attackers to inject arbitrary Web or HTML code.

The vulnerability of the OpenID Connect client-side web application server provided by WebSphere Application Server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using ...

The vulnerabilities in the Moodle learning management system allow a hacker to inject arbitrary Web or HTML code.

The multiple vulnerabilities of the Moodle learning management system’s SCORM module exist due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to inject arbitrary Web or HTML code using a specially created name for the...

The vulnerabilities in the Moodle learning management system allow a hacker to inject arbitrary Web or HTML code.

Multiple vulnerabilities exist in the Moodle learning management system module, due to the lack of measures taken to protect the website structure. Exploitation of these vulnerabilities allows attackers to inject arbitrary Web or HTML code, through the use of the “student” role and a specially...

The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary Web or HTML code.

The vulnerability of the Process Portal component of the Business Process Manager system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted URL...

The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary Web or HTML code.

The vulnerability of the Document List control implementation in the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted URL...

The vulnerability of the Adobe Connect instant messaging program allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the Adobe Connect instant messaging program exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using request parameters...

The vulnerabilities of the Cisco Identity Services Engine, a platform for managing network policies, allow attackers to inject arbitrary Web or HTML code.

The Cisco Identity Services Engine’s management platform has multiple vulnerabilities due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to inject arbitrary Web or HTML code through GET or POST requests...

The vulnerability of Microsoft SharePoint Foundation software allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of Microsoft SharePoint Foundation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially created request...

The vulnerability of the Windows operating system, which allows a hacker to inject arbitrary web or HTML code

The vulnerability of the Active Directory service for Windows operating systems exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code by manipulating the wct parameter...

The vulnerability of Microsoft Exchange Server servers allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the Outlook Web Access OWA component of the Microsoft Exchange Server email server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially...

The vulnerability of Microsoft Exchange Server servers allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the Outlook Web Access OWA component of the Microsoft Exchange Server email server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially...