172 matches found

CNNVD
added 2022/08/04 12:0 a.m., 2 views

Apache JSPWiki Cross-Site Scripting Vulnerability

Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation. Apache JSPWiki has a security vulnerability: a carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability that an attacker could...

CVSS 6.1, AI score 5.7, EPSS 0.17527
Exploits: 0, References: 2
OSV
added 2022/06/24 3:15 p.m., 2 views

CVE-2022-1667

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC, e.g., from the browser console or by loading the corresponding browser-accessible PHP script...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1
OSV
added 2022/05/24 5:21 p.m., 1 views

GHSA-RM24-25XM-9454 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...

CVSS 6.1, AI score 6.3, EPSS 0.00359
Exploits: 0, References: 4
CNNVD
added 2022/04/13 12:0 a.m., 1 views

Organizr Code Issue Vulnerability

Organizr is a tab management system designed to be a one-stop store for server front ends. Organizr versions prior to 2.1.1810 have a file upload vulnerability that stems from the application's lack of proper validation of uploaded files, which can be exploited by attackers to upload .svg...

CVSS 9, AI score 8.3, EPSS 0.00334
Exploits: 1, References: 3
CNNVD
added 2022/03/15 12:0 a.m., 2 views

showdoc Cross-Site Scripting Vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .aspx file extensions in the application's file upload functionality. An attacker could use this...

CVSS 9.4, AI score 5.8, EPSS 0.00344
Exploits: 1, References: 3
Huntr
added 2021/10/18 8:47 p.m., 30 views

Cross-site Scripting (XSS) - Stored in osticket/osticket

Description: As it is written on the GitHub profile, osTicket is a widely-used open source support ticket system. During source code research I discovered a bad uploaded file type check, which is controlled by the user. An unauthenticated user can upload a malicious html/js file. FROM OWASP: Cross-Site Scriptin...

CVSS 5.8, AI score 6, EPSS 0.00712
Exploits: 1
UbuntuCve
added 2021/09/03 8:15 p.m., 27 views

CVE-2021-30620

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink...

CVSS 8.8, AI score 7.1, EPSS 0.0557
Exploits: 0, References: 1
CNNVD
added 2021/08/25 12:0 a.m., 1 views

VMware vRealize Log Insight Cross-Site Scripting Vulnerability

VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that stems from insufficient sanitization of user-supplied data...

CVSS 5.4, AI score 6.2, EPSS 0.00242
Exploits: 0, References: 4
NCSC
added 2021/07/06 12:0 a.m., 2 views

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious person can remotely exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Not every vulnerability h...

CVSS 6.1, AI score 6.8, EPSS 0.00388
Exploits: 0
CNNVD
added 2021/05/21 12:0 a.m., 2 views

PHP Factory MailForm01 Cross-Site Scripting Vulnerability

PHP Factory MailForm01 is a free PHP mail form program from PHP Factory Japan that can be easily installed with just one file. A security vulnerability exists in MailForm01 versions prior to 2021-05-20, which stems from insufficient sanitization of user-supplied data. An attacker can exploit...

CVSS 6.1, AI score 6.7, EPSS 0.00317
Exploits: 0, References: 4
Japan Vulnerability Notes
added 2021/03/26 5:25 a.m., 1 views

Multiple vulnerabilities in baserCMS

Overview: baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681; OS command injection (CWE-78) - CVE-2021-20682; Improper Neutralization of JavaScript input in the...

CVSS 9, AI score 7.5, EPSS 0.02357
Exploits: 0, References: 10
NCSC
added 2021/03/11 12:0 a.m., 2 views

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person can remotely exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. In addition, a malicious...

CVSS 9.1, AI score 7, EPSS 0.0047
Exploits: 0
NVD
added 2021/02/01 3:15 p.m., 10 views

CVE-2021-21277

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 8.8, AI score 8.7, EPSS 0.00319
Exploits: 0, References: 4
Prion
added 2021/02/01 3:15 p.m., 25 views

Remote code execution

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 6.5, AI score 8.8, EPSS 0.00319
Exploits: 0, References: 4, Affected Software: 1
NCSC
added 2021/01/22 12:0 a.m., 3 views

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...

CVSS 9.1, AI score 6.3, EPSS 0.00371
Exploits: 0
Akamai Blog
added 2020/10/13 10:0 p.m., 41 views

Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection

A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets re...

AI score 1.1
Exploits: 0
Prion
added 2020/07/20 6:15 p.m., 16 views

Cross site scripting

The server management software module of ZTE has a stored XSS vulnerability. The attacker inserts attack code through the foreground login page, which causes the user's browser to execute the predefined malicious script. This affects...

CVSS 4.3, AI score 6.1, EPSS 0.00421
Exploits: 0, References: 1, Affected Software: 3
CNVD
added 2020/06/09 12:0 a.m., 1 views

GraphQL Playground Cross-Site Scripting Vulnerability

GraphQL Playground is a graphical, interactive, in-browser GraphQL IDE (Integrated Development Environment) based on GraphiQL from Prisma Labs, Germany. A cross-site scripting vulnerability exists in the GraphQL Playground graphql-playground-html NPM package. A remote attacker can exploit this...

CVSS 7.4, AI score 6.4, EPSS 0.33487
Exploits: 1, References: 1
Japan Vulnerability Notes
added 2020/04/28 6:49 a.m., 2 views

Sales Force Assistant vulnerable to cross-site scripting

Overview: Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability (CWE-79). Masanobu Miyagi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may...

CVSS 5.4, AI score 6, EPSS 0.00261
Exploits: 0, References: 5
CNVD
added 2020/04/28 12:0 a.m., 2 views

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-26662)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon 'E-mail'. An attacker can exploit the vulnerability ...

CVSS 6.1, AI score 6.6, EPSS 0.00402
Exploits: 0, References: 1