Google Chrome < 95.0.4638.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 95.0.4638.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202110stable-channel-update-for-desktop28 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69...

Cross site scripting

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting XSS vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

Cross site scripting

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions ...

WordPress 跨站脚本漏洞

WordPress plugin is a WordPress open source application plugin. WordPress plugin HAL has a cross-site scripting vulnerability that originates from several parameters in the /wp-hal.php file leading to insufficient input validation and cleanup, which can be exploited by an attacker with...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin KJM Admin Notices, which stems from insufficient input validation and cleanup of several parameters found in the /admin/class-kjm-admin-notices-admin.php file,...

Apache Superset up和Apache Superset 跨站脚本漏洞

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

Cybozu Remote Service Cross-Site Scripting Vulnerability (CNVD-2021-78762)

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote authenticated attacker can use this vulnerability to inject arbitrary scripts...

Cybozu Remote Service Cross-Site Scripting Vulnerability

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to inject arbitrary scripts...

Cross-Site Scripting (XSS)

prestashop/pslinklist is vulnerable to cross-site scripting. The vulnerability exists because the custom URLs are not validated in 'buildForm' function in 'CustomUrlType.php' allowing a malicious attacker to inject arbitrary scripts...

Apache NiFi OS Command Injection Vulnerability

Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system mediation logic. versions prior to Apache NiFi MiNiFi C version 0.5.0 have security vulnerabilities that allow an...

CVE-2020-21494

A cross-site scripting XSS vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...

CVE-2020-23481

CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field...

Cross site scripting

The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...

CVE-2020-19265

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19266

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

JEESNS 跨站脚本漏洞

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the system error message text field...

The vulnerability of the PopojiCMS content management system arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary web or HTML scripts.

The vulnerability in the /admin.php?mod=user&act=addnew function of the PopojiCMS content management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML scripts by using a special...

CVE-2021-34645

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

Cross site request forgery (csrf)

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the savecurrencysettings function found in the /admin/inc/wpeasycartadmininitialsetup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0...

CVE-2021-34666 Add Sidebar <= 2.0.0 Reflected Cross-Site Scripting

The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the /wpsidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0...