3237 matches found
CVE-2022-38188
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...
Cross site scripting
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...
Esri Portal For ArcGis Cross-Site Scripting Vulnerability
Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal For ArcGis versions 10.8.1 and earlier, which stems from the presence of a...
CVE-2021-42751
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...
CVE-2021-42750
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite (ZCS) version 8.8.15. An attacker could exploit this vulnerability to...
CVE-2022-37044
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine...
Cross Site Scripting (XSS)
Microweber is vulnerable to stored Cross Site Scripting. The vulnerability is due to improper sanitization in the product category title field. An authenticated attacker can add or modify a category, adding an Iframe script tag to the title that will run arbitrary Javascript whenever a user visit...
Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description: An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...
CVE-2022-2668
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled...
Authorization
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled...
PT-2022-18005 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. Recommendations: At the...
Red Hat Keycloak Security Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that originates from the SAML protocol mapper uploading arbitrary Javascript...
CVE-2022-36967
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to...
Cross site scripting
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to...