
1492 matches found

Positive Technologies
added 2022/07/08 12:0 a.m. · 2 views

PT-2022-22029 · Ibm · Ibm Cics Tx Standard +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Th...

CVSS 5.8 · AI score 5.4 · EPSS 0.00887
Exploits 0 · References 5
ATTACKERKB
added 2022/07/07 12:0 a.m. · 1 views

CVE-2022-34160

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...

CVSS 5.8 · AI score 6.1 · EPSS 0.00887
Exploits 0 · References 4 · Affected Software 2
OSV
added 2022/06/24 5:15 p.m. · 1 views

CVE-2021-20543

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929...

CVSS 5.4 · AI score 5.6
Exploits 0 · References 2
NVD
added 2022/06/24 4:15 p.m. · 14 views

CVE-2022-27238

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting XSS in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

CVSS 5.4 · EPSS 0.00384
Exploits 0 · References 1
Prion
added 2022/06/24 4:15 p.m. · 14 views

Cross site scripting

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting XSS in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

CVSS 3.5 · AI score 5.1 · EPSS 0.00384
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/06/24 3:15 p.m. · 14 views

CVE-2022-27238

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting XSS in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

AI score 5.3 · EPSS 0.00384
Exploits 0 · References 1
Prion
added 2022/06/15 7:15 p.m. · 19 views

Cross site scripting

A Stored Cross-Site Scripting XSS vulnerability was discovered in Messenger/messengerajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title aka newtitle field when editing an existing conversation. The payload executes in the browser...

CVSS 3.5 · AI score 5.1 · EPSS 0.00656
Exploits 2 · References 2 · Affected Software 1
ATTACKERKB
added 2022/06/14 7:15 p.m. · 1 views

CVE-2022-29618

Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...

CVSS 6.1 · AI score 6 · EPSS 0.01024
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/05/24 7:2 p.m. · 13 views

GHSA-HPRR-4VFQ-FCXW Plone XSS in User Fullname Property and File Upload

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting XSS vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...

CVSS 6.1 · AI score 5.3 · EPSS 0.0097
Exploits 1 · References 9
Github Security Blog
added 2022/05/24 4:50 p.m. · 19 views

Gitea XSS Vulnerability

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

CVSS 6.1 · AI score 6.9 · EPSS 0.0084
Exploits 0 · References 3 · Affected Software 1
RubySec
added 2022/05/24 12:0 a.m. · 17 views

Camaleon CMS Stored Cross-site Scripting vulnerability

In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious...

CVSS 6.1 · AI score 4.8 · EPSS 0.00782
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2022/05/17 3:5 a.m. · 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of specific input fields. An attacker can inject malicious scripts that are executed in the context of the user's browser session by crafting malicious input. Details Cross-site scriptin...

CVSS 4.8 · AI score 5.3 · EPSS 0.0228
Exploits 5 · References 2
Github Security Blog
added 2022/05/13 1:12 a.m. · 14 views

INTER-Mediator Cross-Site Scripting (XSS)

Multiple Cross-Site Scripting XSS issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data c and cred passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...

CVSS 6.1 · AI score 6.3 · EPSS 0.00701
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2022/04/04 12:0 a.m. · 3 views

RSA Archer Cross-Site Scripting Vulnerability

RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...

CVSS 5.4 · AI score 5.6 · EPSS 0.007
Exploits 0 · References 5
CNVD
added 2022/04/01 12:0 a.m. · 16 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57822)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the events.php file displaying the 'limit' parameter value without arbitrar...

CVSS 4.8 · AI score 4.3 · EPSS 0.00677
Exploits 1 · References 1
CNVD
added 2022/04/01 12:0 a.m. · 24 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57837)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and prior versions, which can be exploited by remote attackers to execute scripts in the user's browser...

CVSS 6.1 · AI score 5.4 · EPSS 0.01019
Exploits 1 · References 1
Github Security Blog
added 2022/03/15 12:0 a.m. · 33 views

Cross-site Scripting in showdoc/showdoc

ShowDoc is a tool greatly applicable for an IT team to share documents online. showdoc/showdoc allows .properties files to upload which lead to stored XSS in versions prior to 2.10.4. This allows attackers to execute malicious scripts in the user's browser. This issue was patched in version 2.10....

CVSS 9 · AI score 3.4 · EPSS 0.0084
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2022/01/27 5:10 a.m. · 17 views

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to stored cross-site scripting. The vulnerability exists in msgobjlist.tpl.php which allows an attacker to inject and execute arbitrary scripts, which gets executed by browser viewing...

CVSS 5.4 · AI score 3.6 · EPSS 0.00687
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2022/01/13 8:27 p.m. · 16 views

CVE-2021-43764 Adobe Experience Manager Stored XSS in the Spin Set

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 8 · AI score 7.4 · EPSS 0.01545
Exploits 0 · References 1
Snyk
added 2022/01/03 10:21 a.m. · 2 views

Cross-site Scripting (XSS)

Overview npx-server is a simple HTTP server with autoindexing of directories, custom one file controllers system which logic is, reloading without reloading server, reloading browser hotloader if one of files on the hard drive changed, everything shipped in one .js file with no dependencies and o...

CVSS 5.4 · AI score 5.4
Exploits 0 · References 2