
6 matches found

CNNVD
added 2026/05/05 12:0 a.m., 6 views

ERPNext security vulnerability

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to v15.103.1 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripting in the email template engine. Attackers with permissio...

6.1 CVSS, 5.7 AI score, 0.00175 EPSS
Exploits: 1, References: 2
OSV
added 2025/08/14 3:30 p.m., 2 views

GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.3 CVSS, 6 AI score, 0.00617 EPSS
Exploits: 0, References: 4
Veracode
added 2024/08/13 11:5 a.m., 8 views

Cross Site Scripting

typo3/cms is vulnerable to Cross Site Scripting. The vulnerability is caused by missing sanitization while rendering a web page in the browser. This can allow authorized editors to insert JavaScript commands by using the URL scheme javascript:...

7.1 AI score
Exploits: 0
OSV
added 2024/06/05 3:4 p.m., 4 views

GHSA-P5C5-GMJ4-G48F Cross-Site Scripting (XSS) vulnerability in typolinks

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:"...

6.7 AI score
Exploits: 0, References: 3
Github Security Blog
added 2024/06/05 3:4 p.m., 9 views

Cross-Site Scripting (XSS) vulnerability in typolinks

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:"...

6.7 AI score
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2024/05/30 9:25 p.m., 11 views

Duplicate Advisory: TYPO3 Cross-Site Scripting vulnerability in typolinks

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j5v7-9xr5-m7gx. This link is maintained to preserve external references. Original Description: All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert...

5.3 AI score
Exploits: 0, References: 6, Affected Software: 1