11 matches found
CampCodes Sales and Inventory System Injection Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Sales and Inventory System, which stems from SQL injection due to incorrect manipulation of the parameter cid in the file...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform version 6.2-milestone-1 and earlier, which stems from a vulnerability that allows an attacker to spoof a URL to inject...
CVE-2022-47968
Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page...
PT-2022-28097 · Unknown · Heimdall Application Dashboard
Name of the Vulnerable Software and Affected Versions: Heimdall Application Dashboard versions 2.5.4 and earlier. Description: The issue allows for reflected and stored Cross-Site Scripting (XSS) attacks via the Application name variable to the "Add application" page. The stored XSS will be triggere...
Heimdal Cross-Site Scripting Vulnerability
Heimdal is a Kerberos implementation and security program from Heimdal Open Source. A security vulnerability exists in Heimdall Application Dashboard version 2.5.4 and earlier; it stems from the Application name section of its Add application page, which allows an attacker to achieve reflective...
Symfony Host Header Injection vulnerability in the HttpFoundation component
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...
CVE-2020-18469
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2020-18469
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...
CVE-2021-38583
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp, hr/application.jsp, and hr/index.jsp with view= and data=...
openBaraza HCM Cross-Site Scripting Vulnerability
openBaraza HCM is a comprehensive HR and Talent Management software solution that encompasses not only traditional core HR functionality, but also key aspects of Talent Management. A cross-site scripting vulnerability exists in openBaraza HCM that stems from openBaraza HCM not properly escaping...