
3301 matches found

BDU FSTEC
added 2022/08/18 12:0 a.m., 5 views

The vulnerability in the implementation of the SVG <use> element in the Mozilla Firefox browser allows a malicious actor to execute arbitrary JavaScript code.

The vulnerability of the SVG element implementation in Mozilla Firefox is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

6.4 CVSS | 7.9 AI score | 0.00548 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Prion
added 2022/08/16 6:15 p.m., 20 views

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

4.9 CVSS | 5.3 AI score | 0.00509 EPSS
Exploits: 0 | References: 1

NVD
added 2022/08/16 5:15 p.m., 12 views

CVE-2022-38192

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

6.1 CVSS | 0.00476 EPSS
Exploits: 0 | References: 1

Prion
added 2022/08/16 5:15 p.m., 18 views

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

4.9 CVSS | 5.3 AI score | 0.00476 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/08/16 12:0 a.m., 1 views

WWBN AVideo cross-site scripting vulnerability

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...

9.6 CVSS | 7.7 AI score | 0.0303 EPSS
Exploits: 0 | References: 4

Talos
added 2022/08/16 12:0 a.m., 38 views

WWBN AVideo image403 cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1539 WWBN AVideo image403 cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-30690 SUMMARY A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

9.6 CVSS | 6.4 AI score | 0.83583 EPSS
Exploits: 1

OSV
added 2022/08/15 9:15 p.m., 3 views

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

6.1 CVSS | 6 AI score | 0.00491 EPSS
Exploits: 0 | References: 1

NVD
added 2022/08/15 9:15 p.m., 16 views

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

7.1 CVSS | 0.00491 EPSS
Exploits: 0 | References: 1

Prion
added 2022/08/15 9:15 p.m., 16 views

Cross site scripting

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

5.8 CVSS | 6.2 AI score | 0.00491 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/15 8:46 p.m., 15 views

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...

7.1 CVSS | 6.3 AI score | 0.00491 EPSS
Exploits: 0 | References: 1

CNNVD
added 2022/08/15 12:0 a.m., 4 views

Esri Portal For ArcGis cross-site scripting vulnerability

Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal For ArcGis versions 10.8.1 and earlier, which stems from the presence of a...

7.1 CVSS | 7 AI score | 0.00491 EPSS
Exploits: 0 | References: 2

NVD
added 2022/08/12 5:15 p.m., 13 views

CVE-2021-42751

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...

4.8 CVSS | 0.02331 EPSS
Exploits: 4 | References: 2

OSV
added 2022/08/12 5:15 p.m., 13 views

CVE-2021-42750

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...

4.8 CVSS | 5.7 AI score
Exploits: 0 | References: 2

Prion
added 2022/08/12 5:15 p.m., 18 views

Cross site scripting

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...

4.3 CVSS | 4.9 AI score | 0.02331 EPSS
Exploits: 4 | References: 2 | Affected Software: 1

Prion
added 2022/08/12 5:15 p.m., 14 views

Cross site scripting

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...

4.3 CVSS | 4.9 AI score | 0.02331 EPSS
Exploits: 4 | References: 2 | Affected Software: 1

Cvelist
added 2022/08/12 4:52 p.m., 17 views

CVE-2021-42750

A cross-site scripting XSS vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the title of a rule node...

5.1 AI score | 0.02331 EPSS
Exploits: 4 | References: 2

CNNVD
added 2022/08/12 12:0 a.m., 3 views

Zimbra Collaboration Suite cross-site scripting vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite ZCS version 8.8.15. An attacker could exploit this vulnerability to...

6.1 CVSS | 6.2 AI score | 0.00407 EPSS
Exploits: 0 | References: 3

Cvelist
added 2022/08/11 7:44 p.m., 18 views

CVE-2022-37044

In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine...

6.2 AI score | 0.00407 EPSS
Exploits: 0 | References: 2

Veracode
added 2022/08/11 3:9 p.m., 24 views

Cross Site Scripting (XSS)

Microweber is vulnerable to stored Cross Site Scripting. The vulnerability is due to improper sanitization in the product category title field. An authenticated attacker can add or modify a category, adding an Iframe script tag to the title that will run arbitrary Javascript whenever a user visit...

5.4 CVSS | 5.5 AI score | 0.00393 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2022/08/06 12:0 a.m., 21 views

Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...

7.2 CVSS | 7.2 AI score | 0.00834 EPSS
Exploits: 0 | References: 4 | Affected Software: 1