
3237 matches found

Positive Technologies
added 2022/12/29 12:0 a.m. · 3 views

PT-2022-24286 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.1 and below Description: The issue is related to a reflected XSS vulnerability that may allow a remote, unauthenticated attacker to create a crafted link. When clicked, this link could execute arbitrary...

CVSS 6.1 · AI score 6.2 · EPSS 0.00361
Exploits: 0 · References: 3

CNVD
added 2022/12/23 12:0 a.m. · 20 views

IBM Security Verify Governance Identity Manager Cross-Site Scripting Vulnerability

IBM Security Verify Governance Identity Manager is an IBM network appliance-based integration that focuses on business-centric rules, activities, and processes. Version 10.0.1 of IBM Security Verify Governance Identity Manager is vulnerable to cross-site scripting. An...

CVSS 6.1 · AI score 2.1 · EPSS 0.00365
Exploits: 0 · References: 1

OSV
added 2022/12/20 9:30 p.m. · 24 views

GHSA-9P8J-HRGF-JC2G Apache Zeppelin Cross-site Scripting vulnerability

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported...

CVSS 5.4 · AI score 5.8 · EPSS 0.06
Exploits: 0 · References: 3

Github Security Blog
added 2022/12/20 9:30 p.m. · 24 views

Apache Zeppelin Cross-site Scripting vulnerability

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported...

CVSS 5.4 · AI score 6 · EPSS 0.06
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2022/12/09 7:15 p.m. · 19 views

Cross site scripting

IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 4.9 · AI score 5.4 · EPSS 0.0053
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/12/09 12:0 a.m. · 1 view

IBM Cloud Transformation Advisor Cross-Site Scripting Vulnerability

IBM Cloud Transformation Advisor is a freely available development tool from International Business Machines (IBM). It helps you quickly evaluate native Java for deployment to the cloud for EE applications. A cross-site scripting vulnerability exists in IBM Cloud Transformation Advisor versions 2.0...

CVSS 5.4 · AI score 5.6 · EPSS 0.0053
Exploits: 0 · References: 3

CNNVD
added 2022/12/01 12:0 a.m. · 1 view

ThinkCMF Cross-Site Scripting Vulnerability

ThinkCMF is a content management system (CMS) based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.7, which stems from susceptibility to a stored cross-site scripting (XSS) vulnerability. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...

CVSS 5.4 · AI score 5.8 · EPSS 0.00209
Exploits: 1 · References: 2

RedhatCVE
added 2022/11/23 4:56 p.m. · 25 views

CVE-2022-31777

A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI...

CVSS 5.4 · AI score 2.7 · EPSS 0.00175
Exploits: 0 · References: 3

OSV
added 2022/11/21 11:59 p.m. · 28 views

GHSA-PP74-G2Q5-J4JF Silverstripe CMS Stored XSS in custom meta tags

A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut. This requires CMS access to exploit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00322
Exploits: 0 · References: 6

Veracode
added 2022/11/21 3:50 p.m. · 16 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists in update function of UserController.php because the username is not properly sanitized in the admin user overview which allows an attacker to inject and execute arbitrary javascript...

CVSS 5.4 · AI score 5.7 · EPSS 0.50253
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2022/11/20 12:0 a.m. · 23 views

CVE-2022-4068 Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms

A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary...

CVSS 7.6 · AI score 6.5 · EPSS 0.50253
Exploits: 1 · References: 4

RedHat Linux
added 2022/11/03 2:55 p.m. · 3 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled...

CVSS 7.2 · AI score 5.8 · EPSS 0.00473
Exploits: 0 · References: 5

CNNVD
added 2022/11/02 12:0 a.m. · 1 view

Splunk Cross-Site Scripting Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...

CVSS 8.8 · AI score 6.4 · EPSS 0.08646
Exploits: 1 · References: 5

Prion
added 2022/11/01 4:15 p.m. · 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

CVSS 4.9 · AI score 5.5 · EPSS 0.00175
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/11/01 12:0 a.m. · 18 views

CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

AI score 5.7 · EPSS 0.00175
Exploits: 0 · References: 2

CNNVD
added 2022/11/01 12:0 a.m. · 1 view

Apache Spark Injection Vulnerability

Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...

CVSS 5.4 · AI score 7.5 · EPSS 0.00175
Exploits: 0 · References: 3

NVD
added 2022/10/25 5:15 p.m. · 8 views

CVE-2022-38200

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser...

CVSS 6.1 · EPSS 0.00356
Exploits: 0 · References: 1

OSV
added 2022/10/25 5:15 p.m. · 2 views

CVE-2022-38198

There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 5.6
Exploits: 0 · References: 1

OSV
added 2022/10/25 5:15 p.m. · 2 views

CVE-2022-38200

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser...

CVSS 6.1 · AI score 5.5 · EPSS 0.00356
Exploits: 0 · References: 1

Prion
added 2022/10/25 5:15 p.m. · 13 views

Cross site scripting

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser...

CVSS 5.8 · AI score 6.2 · EPSS 0.00356
Exploits: 0 · References: 1 · Affected Software: 1