Cross site scripting

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...

CVE-2021-24136 Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...

CVE-2020-29029

Improper Input Validation, Cross-site Scripting XSS vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...

CVE-2020-29028 Reflected XSS issues

Cross-site Scripting XSS vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...

Cross site scripting

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-14787)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation IBM. IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...

Monica 2.19.1 - (last_name) Stored XSS Vulnerability

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2021-11047)

IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...

Cross site scripting

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...

Cross site scripting

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

Cross site scripting

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457...

Cross-Site Scripting (XSS)

@scullyio/scully is vulnerable to cross-site scripting XSS. The transfer-state is serialized using JSON.stringify function and subsequently written into the HTML page without sanitization, allowing an attacker to inject arbitrary Javascript code in a user's browser...

Code injection

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...

CVE-2020-28464 Remote Code Execution (RCE)

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...

CVE-2020-26280 XSS in OpenSlides

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting XSS. In the web applicatio...

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted website...

Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post = 1.1.5 allow low-privileged users Contributor+ to inject arbitrary Javascript code or HTML in posts where the Themify Custom Panel is embedded. PoC 1. As a contributor, go into "Portfolios" tab from the sidebar and create a ne...