1440 matches found
Cross site scripting
A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19265
A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
JEESNS 跨站脚本漏洞
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the "group comment" text field...
Code injection
This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution...
Code injection
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution...
WordPress 插件 SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress JiangQie versions prior to 1.1.1, which stems from...
CVE-2021-40492
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
GHSA-F8PV-X7H8-687V Cross-site scripting in feehicms
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
Cross-site scripting in feehicms
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
CVE-2020-19709
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
CVE-2020-19709
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19709
CVE-2020-19709 affects feehicms 0.1.3 (PHP-based CMS). The root cause is insufficient filtering of the tag parameter, enabling cross-site scripting that allows attackers to execute arbitrary web pages or HTML via a crafted payload. The connected documents describe XSS in feehicms but do not speci...
CVE-2020-19709
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
DedeCMS arbitrary PHP code execution vulnerability (CNVD-2021-94947)
DedeCMS Weaving Dream Content Management System is an open source content management system that is simple, robust, flexible, and open source. an arbitrary PHP code execution vulnerability exists in the plus/search.php component of DedeCMS 5.7 SP2. The vulnerability stems from the contents of...
CVE-2021-34207
CVE-2021-34207 describes a cross-site scripting vulnerability in TOTOLINK A3002R’s ddns.htm (firmware version V1.1.1-B20200824, new UI). The flaw allows an attacker to inject arbitrary JavaScript by supplying crafted input in the Domain Name, Server Address, User Name/Email, or Password/Key field...
CVE-2020-20988
A cross site scripting XSS vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring Between" parameter...
Code injection
An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution...
Cross site scripting
A stored cross site scripting XSS vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field...