3237 matches found
Adobe Magento Cross-Site Scripting Vulnerability (CNVD-2021-13923)
Adobe Magento is Adobe's open-source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento...
Adobe Magento Cross-Site Scripting Vulnerability (CNVD-2021-13917)
Adobe Magento is Adobe's open-source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento...
Adobe Magento Cross-Site Scripting Vulnerability
Adobe Magento is Adobe's open-source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento...
PT-2021-2328 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation...
Adobe Magento Cross-Site Scripting Vulnerability
Adobe Magento is Adobe's open-source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento...
ExpressionEngine: Stored XSS filter bypass on discussion forum. "URL" tag.
A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...
ExpressionEngine: Stored XSS filter bypass on discussion forum.
A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2021-09489)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site scripting vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in the web UI that can alter the intende...
U.S. Dept Of Defense: Reflected XSS in https://██████████ via "████████" parameter
Hello Security Team, I would like to report the XSS vulnerability on your system. The ██████████ parameter is not escaped properly for URL encoded values. ██████ Impact An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user...
Cross-Site Scripting (XSS)
acs-aem-commons is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser due to insecure handling of invalid JCR characters...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-09038)
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...
CVE-2020-13562
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...
CVE-2020-13564
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...
CVE-2020-13563
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...
Cross site scripting
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...
CVE-2020-13564
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...
CVE-2020-13562
CVE-2020-13562 – phpGACL 3.3.7 XSS vulnerabilities. Multiple cross‑site scripting flaws exist in the template rendering paths of phpGACL 3.3.7, enabling arbitrary JavaScript execution via unescaped user input in template actions (e.g., action, group_id, acl_id). Documented vectors include admin/a...
CVE-2020-24669
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...
Cross site scripting
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...
Cross site scripting
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...