2049 matches found
OPSWAT MetaDefender ICAP Server 跨站脚本漏洞
OPSWAT MetaDefender ICAP Server is an advanced threat protection software for network traffic from OPSWAT, USA. It is used to protect systems and users by examining every file transmitted over a network. A security vulnerability exists in OPSWAT MetaDefender ICAP Server versions prior to 4.13.0. ...
JVN#21213852: Multiple vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base Score:...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-35133
A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CVE-2022-34618
A stored cross-site scripting XSS vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field...
Veeam Management Pack for Microsoft System Center 跨站脚本漏洞
Veeam Management Pack for Microsoft System Center is an ultra-comprehensive and intuitive extension for System Center from Veeam USA. It supports application-to-host management of VMware vSphere, Microsoft Hyper-V and Veeam Backup & Replication. A security vulnerability exists in Veeam Management...
CVE-2022-20815 Cisco Unified Communications Products Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified CM Session Management Edition Unified CM SME, and Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to...
Zoo Management System 跨站脚本漏洞
PHPGURUKUL Zoo Management System is a zoo management system by Phpgurukul team. A cross-site scripting vulnerability exists in Zoo Management System v1.0, which stems from a lack of checksum filtering of user-supplied data and output in the Add Category feature. The vulnerability can be exploited...
Cross site scripting
A stored cross-site scripting XSS vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...
CVE-2022-33113
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
CVE-2022-29296
A reflected cross-site scripting XSS vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting
Overview WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector CSPC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient...
Cross site scripting
A cross-site scripting XSS vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin...
GHSA-C8MX-43CQ-993W EC-CUBE Cross-site scripting vulnerability
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...
Aruba ClearPass Policy Manager 跨站脚本漏洞
Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides a secure access management system for wireless networks. cross-site scripting is present in Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and 6.8.9-HF2 and earlier. vulnerability. An...
Cross-site Scripting (XSS)
Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...
CVE-2022-27308
A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...
CVE-2022-27330
CVE-2022-27330 describes a cross-site scripting (XSS) vulnerability in the E-Commerce Website v1.0, exploitable through a crafted payload injected into the Product Title field when using the admin URL /public/admin/index.php?add_product. The vulnerability allows execution of arbitrary web scripts...
Cross site scripting
A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...