3301 matches found
OpenText 跨站脚本漏洞
OpenText Content Server is a secure enterprise mobile content management system. A cross-site scripting vulnerability exists in OpenText Content Server 'multiple', which can be exploited by a remote attacker to introduce arbitrary JavaScript by creating malicious form values that will not be...
Monica 2.19.1 - (last_name) Stored XSS Vulnerability
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2021-11047)
IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...
Cross site scripting
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2021-21030
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...
CVE-2021-21029 Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required...
CVE-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...
CVE-2020-24842
PNPSCADA 2.200816204020 allows cross-site scripting XSS, which can execute arbitrary JavaScript in the victim's browser...
CVE-2020-24842
PNPSCADA 2.200816204020 allows cross-site scripting XSS, which can execute arbitrary JavaScript in the victim's browser...
Cross-site Scripting (XSS)
roundcube is vulnerable to cross-site scripting XSS. The vulnerability exists through specific CSS token sequences during HTML email rendering which allows an attacker to inject and execute arbitrary javascript...
Adobe Magento Cross-Site Scripting Vulnerability (CNVD-2021-13923)
Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...
Adobe Magento Cross-Site Scripting Vulnerability (CNVD-2021-13917)
Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...
Adobe Magento 跨站脚本漏洞
Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...
Adobe Magento 跨站脚本漏洞
Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...
PT-2021-2328 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation...
ExpressionEngine: Stored XSS filter bypass on discussion forum. "URL" tag.
A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...
ExpressionEngine: Stored XSS filter bypass on discussion forum.
A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2021-09489)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site scripting vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in the web UI that can alter the intende...
U.S. Dept Of Defense: Reflected XSS in https://██████████ via "████████" parameter
Hello Security Team, I would like to report the XSS vulnerability on your system. The ██████████ parameter is not escaped properly for URL encoded values. ██████ Impact An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user...
Cross-Site Scripting (XSS)
acs-aem-commons is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser due to insecure handling of invalid JCR characters...