3301 matches found
CVE-2022-38200
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser...
Cross site scripting
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser...
CVE-2022-38195 BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server
There is a reflected cross-site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the victim’s browser...
Esri ArcGIS Server cross-site scripting vulnerability
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute (Esri). A security vulnerability exists in Esri ArcGIS Server versions 10.8.1 and 10.7.1, which stems from a cross-site scripting vulnerability ...
Dependency-Track security vulnerability
Dependency-Track is an intelligent supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in versions of Dependency-Track prior to 4.6.1 that stems from not encoding or sanitizing the output of Showdown, which allows arbitrary JavaScri...
Esri ArcGIS Server cross-site scripting vulnerability
Esri ArcGIS Server is a web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute (Esri). A cross-site scripting vulnerability exists in Esri ArcGIS Server version 10.9.1 and earlier, which stems from the presence of a...
Cross-site Scripting (XSS)
Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient escaping on the Blog Name value. An attacker can manipulate the output and execute arbitrary JavaScript by...
Cross-site scripting vulnerability in Import Files function of multiple Siemens products
Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...
CVE-2022-41350
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...
Zimbra Collaboration Suite cross-site scripting vulnerability
Synacor Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...
CVE-2022-41349
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine...
CVE-2022-42236
A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in the edit account form...
CVE-2022-42235
A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form...
Cross site scripting
A Stored XSS issue in Merchandise Online Store v.1.0 allows the injection of arbitrary JavaScript in the edit account form...
CVE-2022-42236
CVE-2022-42236 affects Merchandise Online Store v1.0. A Stored XSS issue exists in the edit account form that allows injection of arbitrary JavaScript. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE listings) and is associated with a MEDIUM base score (CVSSv3.1: AV:N/AC:...
The vulnerability of the Mozilla Firefox browser lies in the insufficient resource control during the processing of XML documents. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the Mozilla Firefox browser is related to insufficient resource control during the processing of XML documents. Exploiting this vulnerability allows a malicious actor to cause service failures, bypass security restrictions, access confidential information, or execute arbitrar...