1492 matches found
Cybozu Garoon Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Message in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...
Palo Alto Networks Prisma Cloud Cross-Site Scripting Vulnerability
Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. that provides cloud security services. Prisma Cloud Compute suffers from a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data. A...
GHSA-H58V-C6RF-G9F7 Cross site scripting in the system log
Impact: It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end. Patches: Update to Contao 4.9.16 or 4.11.5. Workarounds: Disable the system log module in the back end for all users, especially admin users. References...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
Description: GET parameter ?plugin= is vulnerable to reflected cross-site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. Proof...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end...
Design/Logic Flaw
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end...
CVE-2021-35210
Contao CMS vulnerable to cross-site scripting via the tl_log table. Affected versions are 4.5.x–4.9.x (before 4.9.16) and 4.10.x–4.11.x (before 4.11.5). The vulnerability allows injected code to execute in the browser when the system log is opened in the back end. Remediation: upgrade to Contao 4...
CVE-2021-27887
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3...
EMC RSA Archer 6.6 < 6.6 P8 / 6.7 < 6.7 P8 / 6.8 < 6.8 P5 / 6.9 < 6.9 SP1 P1 Stored Cross-site Scripting
The version of EMC RSA Archer running on the remote web server is 6.6.x prior to 6.6.0.8 (6.6 P8), 6.7.x prior to 6.7.0.8 (6.7 P8), 6.8.x prior to 6.8.0.5 (6.8 P5) or 6.9.x prior to 6.9.1.1 (6.9 SP1 P1). It is, therefore, affected by a stored cross-site scripting vulnerability. A remote authenticated...
Cross site scripting
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
CVE-2021-3313
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
Cross-Site Scripting (XSS)
Drupal is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the attributename parameter...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...
WonderLink Yomi-Search Cross-Site Scripting Vulnerability
WonderLink Yomi-Search is a versatile search engine application from WonderLink. A cross-site scripting vulnerability exists in Yomi-Search Ver4.22, which allows arbitrary script to be executed on the web browser of a user accessing a website that uses Yomi-Search. ...
Yomi-Search vulnerable to cross-site scripting
Overview: Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability (CWE-79). During the meeting of the Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...
Cross site scripting
Adobe Connect version 11.0.7 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing t...
CVE-2020-24842
PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser...
Cross site scripting
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...
Cross site scripting
An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefssmtppsw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. Th...
CVE-2020-29496
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the...