
1045 matches found

Cvelist
added 2022/11/03 10:6 p.m., 14 views

CVE-2022-43561 Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled...

CVSS 6.4, AI score 6.3, EPSS 0.00199
Exploits: 1, References: 2
Veracode
added 2022/11/03 4:42 a.m., 33 views

Cross-Site Scripting (XSS)

apacheairflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the getsafeurl function of views.py which allows an attacker to inject and execute arbitrary scripts...

CVSS 6.1, AI score 6.2, EPSS 0.02904
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2022/11/01 12:0 a.m., 4 views

CVE-2022-43084

A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the vname parameter...

AI score 5.8, EPSS 0.00369
Exploits: 1, References: 1
CNNVD
added 2022/10/27 12:0 a.m., 3 views

GL.iNet GoodCloud cross-site scripting vulnerability

GL.iNet GoodCloud is an IoT device management system from China's Guanglian Zhitong GL.iNet. A cross-site scripting vulnerability exists in GL.iNet GoodCloud version 1.00.220412.00, which stems from the presence of multiple stored cross-site scripting (XSS) vulnerabilities that could allow an...

CVSS 5.4, AI score 5.8, EPSS 0.00323
Exploits: 1, References: 2
Ubuntu
added 2022/10/20 12:52 p.m., 70 views

USN-5694-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...

CVSS 8.8, AI score 7.5, EPSS 0.01322
Exploits: 0
Veracode
added 2022/10/17 12:26 p.m., 31 views

Cross-Site Scripting (XSS)

github.com/go-gitea/gitea is vulnerable to cross-site scripting. The vulnerability is due to arguments in command.go given to git commands not being properly handled which allows an attacker to inject and execute arbitrary scripts...

CVSS 9.8, AI score 9, EPSS 0.00955
Exploits: 0, References: 7, Affected Software: 2
OSV
added 2022/10/11 9:15 p.m., 1 views

DEBIAN-CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3, AI score 6.6, EPSS 0.01322
Exploits: 0, References: 1
NVD
added 2022/09/26 4:15 p.m., 19 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

CVSS 6.5, EPSS 0.00605
Exploits: 0, References: 3
OSV
added 2022/09/26 4:15 p.m., 23 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

CVSS 6.5, AI score 7.9
Exploits: 0, References: 3
UbuntuCve
added 2022/09/26 4:15 p.m., 34 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

CVSS 6.5, AI score 6.8, EPSS 0.00605
Exploits: 0, References: 1
Debian CVE
added 2022/09/26 3:1 p.m., 99 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

CVSS 6.5, AI score 7.4, EPSS 0.00605
Exploits: 0
Cvelist
added 2022/09/26 3:1 p.m., 20 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

AI score 6.9, EPSS 0.00605
Exploits: 0, References: 3
Vulnrichment
added 2022/09/21 11:57 p.m., 6 views

CVE-2022-28982

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...

AI score 5.8, EPSS 0.00399
Exploits: 0, References: 2
Vulnrichment
added 2022/09/21 11:22 p.m., 4 views

CVE-2022-28979

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute...

AI score 6.1, EPSS 0.003
Exploits: 0, References: 3
CNNVD
added 2022/09/19 12:0 a.m., 1 views

JEESNS cross-site scripting vulnerability

Fuzhou Lingxi Network Technology JEESNS is a social management system based on JAVA enterprise-level platform developed by China's Fuzhou Lingxi Network Technology Company. Relying on enterprise-level JAVA efficiency, security, stability and other advantages, to create a domestic JAVA version of...

CVSS 5.4, AI score 6, EPSS 0.00209
Exploits: 1, References: 3
CNNVD
added 2022/09/08 12:0 a.m., 3 views

TastyIgniter cross-site scripting vulnerability

TastyIgniter is a free and open source online ordering software based on the Laravel PHP Framework, designed to allow developers and restaurateurs to enjoy life. A security vulnerability exists in TastyIgniter version v3.5.0. An attacker can exploit this vulnerability to execute arbitrary web...

CVSS 5.4, AI score 6.2, EPSS 0.00421
Exploits: 0, References: 2
NVD
added 2022/09/06 6:15 p.m., 8 views

CVE-2022-2935

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, EPSS 0.00162
Exploits: 0, References: 2
Veracode
added 2022/08/25 7:3 a.m., 22 views

Cross-Site Scripting (XSS)

exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts...

CVSS 5.4, AI score 6.9, EPSS 0.00369
Exploits: 0, References: 8, Affected Software: 2
CNNVD
added 2022/08/23 12:0 a.m., 1 views

PukiWiki cross-site scripting vulnerability

PukiWiki is a set of Wiki software by Lindsay's personal developer. A security vulnerability exists in PukiWiki versions 1.3.1 through 1.5.3. A remote attacker can exploit this vulnerability to inject arbitrary scripts via unspecified vectors...

CVSS 6.1, AI score 5.9, EPSS 0.00217
Exploits: 0, References: 4
OSV
added 2022/08/10 8:15 p.m., 0 views

CVE-2022-35509

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...

CVSS 5.4, AI score 6
Exploits: 0, References: 1