3237 matches found

Positive Technologies
added 2022/09/28 12:0 a.m. · 2 views

PT-2022-15401 · IBM · IBM Application Gateway

Name of the Vulnerable Software and Affected Versions: IBM Application Gateway (affected versions not specified). Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trust...

CVSS 5.4 · AI score 5.5 · EPSS 0.00235
Exploits: 0 · References: 4

Veracode
added 2022/09/27 5:56 a.m. · 29 views

Prototype Pollution

express-xss-sanitizer is vulnerable to prototype pollution. The vulnerability exists in the require function of sanitize.js because it doesn't properly sanitize user input data, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 7.3 · AI score 6.5 · EPSS 0.00504
Exploits: 1 · References: 4 · Affected Software: 1

Veracode
added 2022/09/23 4:57 a.m. · 19 views

Cross-Site Scripting (XSS)

tui-grid is vulnerable to cross-site scripting. The vulnerability exists in multiple functions of default.ts and clipboard.tsx because the inputs are not properly sanitized, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.3 · EPSS 0.00247
Exploits: 1 · References: 5 · Affected Software: 2

OSV
added 2022/09/19 7:15 a.m. · 1 views

CVE-2022-40778

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...

CVSS 5.4 · AI score 6 · EPSS 0.00434
Exploits: 0 · References: 2

Prion
added 2022/09/19 7:15 a.m. · 10 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...

CVSS 4.9 · AI score 5.3 · EPSS 0.00434
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/09/18 12:0 a.m. · 12 views

GHSA-3JH2-WMV7-M932 LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance Title parameter. A patch is available and anticipated to be part of version 22.9.0...

CVSS 5.4 · AI score 5.9 · EPSS 0.0032
Exploits: 2 · References: 5

ATTACKERKB
added 2022/09/06 8:15 p.m. · 1 views

CVE-2022-37253

Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter...

CVSS 5.4 · AI score 5.9 · EPSS 0.00173
Exploits: 0 · References: 3

Prion
added 2022/09/06 7:15 p.m. · 19 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

CVSS 4.9 · AI score 5.3 · EPSS 0.00216
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/09/06 6:24 p.m. · 13 views

CVE-2022-31792

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

AI score 5.5 · EPSS 0.00216
Exploits: 0 · References: 1

CNNVD
added 2022/09/06 12:0 a.m. · 3 views

WatchGuard Firebox cross-site scripting vulnerability

WatchGuard Firebox is a product from the US-based company WatchGuard that provides comprehensive network security services ranging from traditional IPS, GAV, website/application control and malicious software prevention. A security vulnerability exists in the WatchGuard Firebox and XTM appliances that originates...

CVSS 5.4 · AI score 6 · EPSS 0.00216
Exploits: 0 · References: 2

CNNVD
added 2022/09/06 12:0 a.m. · 4 views

WordPress plugin WP-UserOnline cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.5 · AI score 5.5 · EPSS 0.06946
Exploits: 6 · References: 12

GitHub Security Blog
added 2022/08/31 10:26 p.m. · 38 views

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Impact: Arbitrary JavaScript injection. Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + function // Put Javascript code here return '' + The block below shows a valid mermaid code block md mermaid graph TD; A--B; A--C;...

CVSS 7.8 · AI score 7.6 · EPSS 0.00129
Exploits: 1 · References: 4 · Affected Software: 1

Veracode
added 2022/08/30 7:7 a.m. · 63 views

Cross-site Scripting (XSS)

jsoup is vulnerable to cross-site scripting. The vulnerability exists in the resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.8 · EPSS 0.01777
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2022/08/29 5:20 p.m. · 18 views

CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary JavaScript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

CVSS 3.6 · AI score 8.1 · EPSS 0.00129
Exploits: 1 · References: 2

OSV
added 2022/08/26 4:15 p.m. · 12 views

CVE-2021-3427

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 3

UbuntuCve
added 2022/08/26 4:15 p.m. · 20 views

CVE-2021-3427

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's...

CVSS 6.1 · AI score 6.6 · EPSS 0.00632
Exploits: 1 · References: 2

OSV
added 2022/08/26 4:15 p.m. · 14 views

PYSEC-2022-256

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's...

CVSS 6.1 · AI score 0.4 · EPSS 0.00632
Exploits: 1 · References: 3

AlpineLinux
added 2022/08/26 4:15 p.m. · 29 views

CVE-2021-3427

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's...

CVSS 5.8 · AI score 0.4 · EPSS 0.00632
Exploits: 1

OSV
added 2022/08/22 7:15 p.m. · 13 views

CVE-2022-30690

A cross-site scripting (XSS) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...

CVSS 6.1 · AI score 6.2
Exploits: 0 · References: 2

OSV
added 2022/08/22 7:15 p.m. · 11 views

CVE-2022-32771

A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

CVSS 6.1 · AI score 6.2
Exploits: 0 · References: 2