Kangtaike SolarView Compact SV-CPT-MC310 Cross-Site Scripting Vulnerability

Kangtaike SolarView Compact is an application system from Kangtaike, Japan. Kangtaike SolarView Compact SV-CPT-MC310 is vulnerable to cross-site scripting, which can be exploited by attackers to inject arbitrary scripts via unspecified vectors...

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22653)

Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the WEB application and can be exploited to inject arbitrary scripts via...

Luxion KeyShot Path Traversal Vulnerability

Luxion KeyShot is a software for designing photos of 3D scenes from Luxion USA. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A path traversal vulnerability exists in the Luxion KeySh...

File upload vulnerability exists in UCMS (CNVD-2021-21601)

UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22654)

Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the WEB application and can be exploited to inject arbitrary scripts via...

CVE-2021-22651

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...

CVE-2021-20644

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...

CVE-2021-20644

CVE-2021-20644 affects ELECOM WRC-1467GHBK-A. The vulnerability arises in the web setup page where displaying a specially crafted SSID can cause arbitrary scripts to execute in a user’s browser (cross-site scripting). The connected documents confirm the affected product and the impact as script e...

CVE-2021-20644

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...

Luxion KeyShot 路径遍历漏洞

Luxion KeyShot is a software for designing photos of 3D scenes from Luxion USA. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A path traversal vulnerability exists in the Luxion KeySh...

Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2021-07243)

Mitel MiCollab is an enterprise collaboration software and tools platform solution. A cross-site scripting vulnerability exists in NuPoint Messenger Portal for Mitel MiCollab versions prior to 9.2. The vulnerability stems from insufficient input validation. An attacker could exploit the...

CVE-2020-25609

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data...

CVE-2020-25609

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data...

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22655)

Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...

CVE-2020-16030

Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Six Apart Movable Type 跨站脚本漏洞

Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...

KonaWiki3 cross-site scripting vulnerability

KonaWiki3 is a very simple PHP Wiki engine.KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...

CVE-2020-27193

A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

Remote Code Execution (RCE)

Blueman is vulnerable to remote code execution RCE. On systems with ISC DHCP client dhclient, attackers can pass arguments to ip link with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client,...

CVE-2020-5650

Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...