
1057 matches found

Cvelist
added 2022/09/26 3:1 p.m., 32 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

6.9 AI score, 0.0057 EPSS
Exploits: 0, References: 3
Debian CVE
added 2022/09/26 3:1 p.m., 99 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

6.5 CVSS, 7.4 AI score, 0.0057 EPSS
Exploits: 0
Vulnrichment
added 2022/09/21 11:57 p.m., 7 views

CVE-2022-28982

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...

5.8 AI score, 0.00357 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2022/09/21 11:22 p.m., 4 views

CVE-2022-28979

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute...

6.1 AI score, 0.00488 EPSS
Exploits: 0, References: 3
CNNVD
added 2022/09/19 12:0 a.m., 3 views

JEESNS Cross-Site Scripting Vulnerability

Fuzhou Lingxi Network Technology JEESNS is a social management system based on JAVA enterprise-level platform developed by China's Fuzhou Lingxi Network Technology Company. Relying on enterprise-level JAVA efficiency, security, stability and other advantages, to create a domestic JAVA version of...

5.4 CVSS, 6 AI score, 0.00376 EPSS
Exploits: 1, References: 3
CNNVD
added 2022/09/08 12:0 a.m., 4 views

TastyIgniter Cross-Site Scripting Vulnerability

TastyIgniter is a free and open source online ordering software based on the Laravel PHP Framework, designed to allow developers and restaurateurs to enjoy life. A security vulnerability exists in TastyIgniter version v3.5.0. An attacker can exploit this vulnerability to execute arbitrary web...

5.4 CVSS, 6.2 AI score, 0.00428 EPSS
Exploits: 0, References: 2
NVD
added 2022/09/06 6:15 p.m., 21 views

CVE-2022-2935

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS, 0.00477 EPSS
Exploits: 0, References: 2
Veracode
added 2022/08/25 7:3 a.m., 25 views

Cross-Site Scripting (XSS)

exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts...

5.4 CVSS, 6.9 AI score, 0.00729 EPSS
Exploits: 0, References: 8, Affected Software: 2
CNNVD
added 2022/08/23 12:0 a.m., 3 views

PukiWiki Cross-Site Scripting Vulnerability

PukiWiki is a set of Wiki software by Lindsay's personal developer. A security vulnerability exists in PukiWiki versions 1.3.1 through 1.5.3. A remote attacker can exploit this vulnerability to inject arbitrary scripts via unspecified vectors...

6.1 CVSS, 5.9 AI score, 0.00455 EPSS
Exploits: 0, References: 4
OSV
added 2022/08/10 8:15 p.m., 1 views

CVE-2022-35509

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allow an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...

5.4 CVSS, 6 AI score
Exploits: 0, References: 1
NVD
added 2022/07/26 10:15 p.m., 22 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

6.1 CVSS, 0.00662 EPSS
Exploits: 1, References: 3
NVD
added 2022/07/14 3:15 p.m., 14 views

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

6.1 CVSS, 0.00446 EPSS
Exploits: 0, References: 1
Veeam
added 2022/07/12 12:0 a.m., 22 views

XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

Vulnerability Details: A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack...

6.1 CVSS, 6 AI score, 0.00446 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2022/07/05 6:15 p.m., 2 views

CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors...

5.4 CVSS, 6.2 AI score, 0.00682 EPSS
Exploits: 2, References: 3
OSV
added 2022/07/04 7:15 a.m., 2 views

CVE-2022-29513

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script...

4.8 CVSS, 6.2 AI score, 0.00485 EPSS
Exploits: 0, References: 2
Prion
added 2022/07/04 7:15 a.m., 16 views

Cross site scripting

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...

4.3 CVSS, 6.5 AI score, 0.00609 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2022/06/20 12:0 a.m., 15 views

Cisco Catalyst 2940 Series Cross-Site Scripting Vulnerability

Cisco Catalyst is a series of switches from Cisco, Inc. A cross-site scripting vulnerability exists in the Cisco Catalyst 2940 Series, which stems from a failure to properly process user input and generate an error page that could be exploited by an attacker to execute arbitrary scripts on the we...

6.1 CVSS, 2.6 AI score, 0.00515 EPSS
Exploits: 0, References: 1
OSV
added 2022/06/13 1:15 p.m., 3 views

CVE-2022-1822

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1 CVSS, 5.9 AI score, 0.01007 EPSS
Exploits: 0, References: 4
CNNVD
added 2022/05/19 12:0 a.m., 4 views

SPIP Cross-Site Scripting Vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP version 3.1.13 and prior versions, which originates in /spip.php. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use...

6.1 CVSS, 5.6 AI score, 0.01462 EPSS
Exploits: 1, References: 7
OSV
added 2022/05/03 8:15 p.m., 2 views

CVE-2022-27330

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?addproduct of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field...

5.4 CVSS, 5.9 AI score, 0.00526 EPSS
Exploits: 1, References: 1