Cross-site Scripting (XSS)

Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. Detail...

Cross site scripting

Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

UBUNTU-CVE-2021-22260

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...

CVE-2021-22260

Removed by vendor...

CVE-2021-38407

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code...

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2021-84238)

IBM InfoSphere Information Server is a data integration platform from IBM Corporation in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a security vulnerability that allows users to embed arbitrary...

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled allowing a malicious attacker to send and execute arbitrary Javascript...

Cross-site Scripting (XSS)

jQuery-UI is vulnerable to cross-site scripting. The value of 'of' option of the '.position' in 'position.js' is not properly encoded, which allows a malicious attacker to inject and execute arbitrary Javascript...

Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19844)

Snipe-IT is an open source IT asset/license management system. Snipe-IT suffers from a cross-site scripting vulnerability that stems from the fact that the program is vulnerable to incorrect input during web page generation, which could be exploited by an attacker to execute arbitrary JavaScript...

Snipe-IT 跨站脚本漏洞

Snipe-IT is an open source IT asset/license management system. Snipe-IT suffers from a cross-site scripting vulnerability that stems from the fact that the program is vulnerable to incorrect input during web page generation, which could be exploited by an attacker to execute arbitrary JavaScript...

Nagios XI 跨站脚本漏洞

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A reflective cross-site scripting vulnerability exists in the generic user interface of versions of Nagios XI prior to 5.8.4. An...

IBM Sterling File Gateway Cross-Site Scripting Vulnerability (CNVD-2021-78438)

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...

CVE-2021-33849

A Cross-Site Scripting XSS attack can cause arbitrary code JavaScript to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

CVE-2021-22261

Removed by vendor...

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...