62 matches found
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser...
Broadcom Symantec SiteMinder 跨站脚本漏洞
Broadcom Symantec SiteMinder is an identity provider and federation system from Broadcom, Inc. It provides access to web applications and portals. A security vulnerability exists in Broadcom Symantec SiteMinder version 12.52. An attacker could exploit this vulnerability to execute malicious HTML...
K24383845: Bootstrap vulnerability CVE-2019-8331
Security Advisory Description In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CVE-2019-8331 Impact An attacker can inject a malicious script into a client browser. Additionally, an attacker can trick a user into running maliciou...
CVE-2023-23949
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...
CVE-2023-23949
CVE-2023-23949 is described across multiple sources as a client-side cross-site scripting vulnerability triggered by an authenticated user supplying malicious HTML/JavaScript, leading to code execution in the victim’s browser. Connected document detail confirms the affected product is Symantec Id...
CVE-2023-23949
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...
CVE-2023-23949
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard PCI DSS, created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards,...
GHSA-X87M-36G7-6MPW Yii2 Gii Cross-site Scripting vulnerability
Some fields like Message Category requires I18N enabled in Model Generator, CRUD Generator or Form Generator, Author Name in Extension Generator, etc. are being cached without sanitisation of their contents when the Preview button is pressed. This leads to possibility of injecting malicious...
CVE-2022-28450
CVE-2022-28450 affects nopCommerce 4.50.1. It is a Cross-Site Scripting vulnerability in the forum “Text” parameter when creating a new post, caused by insufficient data validation/filtering of user-supplied data. This permits execution of arbitrary JavaScript in the victim’s browser. The provide...
CVE-2022-28450
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...
CVE-2022-27139
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...
多款HP产品跨站脚本漏洞
The HP Color LaserJet Pro M280-M281 and others are products of Hewlett-Packard HP in the U.S.A. The HP Color LaserJet Pro M280-M281 is a printer.The HP Color LaserJet CM4540 MFP CC419A is a multifunction printer.The Hp Color LaserJet Cm4540 Mfp and others are products of Hewlett-Packard Hp USA.Hp...
CVE-2021-32671
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type...
@aws-crypto/example-browser (>=0.1.0-preview.1 <=0.1.0-preview.5), @aws-crypto/integration-browser (>=0.2.0-preview.1 <=0.2.0-preview.5) potentially affected by unknown CVE via @aws-crypto/client-browser (=0.1.0-preview.5)
@aws-crypto/client-browser NPM version =0.1.0-preview.5 is affected by a known vulnerability. The following packages have a transitive dependency on @aws-crypto/client-browser and may be impacted: - @aws-crypto/example-browser =0.1.0-preview.1, =0.2.0-preview.1, =0.2.0-preview.5 Source cves:...
JavaScript execution via malicious molfiles (XSS)
Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...
U.S. Dept Of Defense: Reflected Xss in [██████]
Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...
F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CVE-2019-8331 Impact An attacker can inject a malicious script into a client browser. Additionally, an attacker can trick auser into running malicious code. C Tenable, Inc. The...
PT-2019-7202 · Schneider Electric · Modicon Bmxnoe0110 +6
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon BMXNOC0401 Schneider Electric Modicon BMXNOE0100 Schneider Electric Modicon BMXNOE0110 Schneider Electric Modicon BMXNOE0110H Schneider Electric Modicon BMXNOR0200H Schneider Electric Modicon BMXP342020 Schneider...
Routers2 Cross-Site Scripting Vulnerability
Routers2 is a front-end routing tool. A cross-site scripting vulnerability exists in Routers2 version 2.24. A remote attacker can exploit this vulnerability to inject malicious script into a client browser...