CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...

CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457...

CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457...

Cross site scripting

A stored cross-site scripting XSS issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the metatitle parameter...

Cross-Site Scripting (XSS)

@scullyio/scully is vulnerable to cross-site scripting XSS. The transfer-state is serialized using JSON.stringify function and subsequently written into the HTML page without sanitization, allowing an attacker to inject arbitrary Javascript code in a user's browser...

Cross-Site Scripting (XSS)

Jenkins is vulnerable to cross-site scripting . An attacker is able to inject and execute arbitrary Javascript in a user's browser via notification bar response content due to lack of output sanitization...

PT-2021-24352 · Tinymce · Tinymce

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.6.0 Description: A stored cross-site scripting vulnerability was discovered in the URL sanitization logic of the core parser, allowing arbitrary JavaScript execution when inserting specially crafted content into th...

Code injection

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...

CVE-2020-28464 Remote Code Execution (RCE)

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...

Rust Mdmook Cross-Site Scripting Vulnerability

Rust Mdmook is a Rust-based software for building online book applications from Markdown files from the Rust Organization. Rust Mdmook suffers from a cross-site scripting vulnerability that allows an attacker to execute arbitrary JavaScript code on a page...

Vega Cross-Site Scripting Vulnerability

Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega versions...

Cross-Site Scripting (XSS)

vega is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via a malicious Vega expression...

CVE-2020-26296 XSS in Vega

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...

CVE-2020-26296

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...

Trellix: RXSS in https://jp.mcafee.com/apps/mdm/jp/3.0_asp/

A cross-site scripting XSS vulnerability was discovered in https://jp.mcafee.com/apps/mdm/jp/3.0asp/. The vulnerability was verified in Chrome 87 and Firefox. The vulnerability allowed execution of arbitrary JavaScript code by injecting it into the website's URL...

CVE-2020-26280 XSS in OpenSlides

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting XSS. In the web applicatio...

Code injection

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...

OpenAsset Digital Asset Management software 跨站脚本漏洞

Openasset is a digital asset management software for the website building industry from Openasset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...