Cross-Site Scripting (XSS)

vega is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via a malicious Vega expression...

CVE-2020-26296 XSS in Vega

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...

CVE-2020-26296

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...

Trellix: RXSS in https://jp.mcafee.com/apps/mdm/jp/3.0_asp/

A cross-site scripting XSS vulnerability was discovered in https://jp.mcafee.com/apps/mdm/jp/3.0asp/. The vulnerability was verified in Chrome 87 and Firefox. The vulnerability allowed execution of arbitrary JavaScript code by injecting it into the website's URL...

CVE-2020-26280 XSS in OpenSlides

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting XSS. In the web applicatio...

The vulnerability of the Adobe Experience Manager content and media management system, related to information disclosure, allows a perpetrator to gain access to protected information.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the browser and gain access to protected information...

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

Code injection

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted website...

The vulnerability of the Adobe Connect instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

OpenAsset Digital Asset Management software 跨站脚本漏洞

Openasset is a digital asset management software for the website building industry from Openasset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...

OpenAsset Digital Asset Management software Cross-Site Scripting Vulnerability

Openasset is a digital asset management software for the website building industry from Openasset UK. A cross-site scripting vulnerability exists in the OpenAsset Digital Asset Management software that originates from allowing remote attackers to inject arbitrary JavaScript or HTML via...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Cross-Site Scripting (XSS)

MediaWiki is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser by creating a message with javascript:payload xss as a jQuery object with mw.message.parse...

Cross-Site Scripting (XSS)

WordPress is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via post slugs...

Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post = 1.1.5 allow low-privileged users Contributor+ to inject arbitrary Javascript code or HTML in posts where the Themify Custom Panel is embedded. PoC 1. As a contributor, go into "Portfolios" tab from the sidebar and create a ne...

DEBIAN-CVE-2020-27783

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...