143 matches found
Braintree sanitize-url Cross-Site Scripting Vulnerability
Braintree sanitize-url is an open source URL cleanup library from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of validation and filtering of user-supplied data and output in the sanitizeUrl function. An attacker coul...
SmarterTools SmarterTrack Cross-Site Scripting Vulnerability
SmarterTools SmarterTrack is a customer service software from SmarterTools UK. SmarterTools SmarterTrack version 100.0.8019.14010 is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker cou...
CVE-2021-44032
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For...
Hospital Management System Cross-Site Scripting Vulnerability (CNVD-2022-67484)
HealthNode Hospital Management System is a hospital management system. The system includes patient information management, ward management, surgery schedule management and financial management, etc. A cross-site scripting vulnerability exists in Hospital Management System v1.0, which stems from t...
WordPress EditableTable plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress EditableTable plugin versions prior to 0.1.4 have a cross-site scripting vulnerability that stems from the...
Grav Cross-Site Scripting Vulnerability
Grav is a scalable CMS content management system for personal blogs, small content publishing platforms, and single-page product displays. Cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.31, which stem from the application's lack of data validation filtering of...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions of JetBrains YouTrack prior to 2021.4.36872, which stems from the lack of data validation filtering of user-supplied data and...
XWiki Platform Cross-Site Scripting Vulnerability (CNVD-2022-13407)
XWiki Platform is a wiki platform for creating web collaboration applications from the French company XWiki. XWiki Platform is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in registerinline, which could be...
WordPress Ninja Tables plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress Ninja Tables plugin has a cross-site scripting vulnerability in versions prior to 4.1.8. The vulnerability stems from the plugin not cleaning and escaping some of its table fields, which could...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a wiki platform for creating web collaboration applications from the French company XWiki. XWiki Platform is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in registerinline, which could be...
Grav Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in versions of Grav prior to 1.7.28, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...
IBM i Cross-Site Scripting Vulnerability
IBM i is a set of operating systems from IBM in the United States that run on IBM Power Systems and IBM PureSystems. A cross-site scripting vulnerability exists in IBM i. The vulnerability stems from the product not validating user-supplied data. An attacker could exploit the vulnerability to...
WordPress Gwolle Guestbook Plugin Cross-Site Scripting Vulnerability (CNVD-2021-103362)
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Gwolle Guestbook plugin has a cross-site scripting vulnerability in versions prior to 4.2.0, which stems from...
IBM OPENBMC OP910 Cross-Site Scripting Vulnerability
IBM OPENBMC is a POWER8 and POWER9 emulator from International Business Machines Corporation (IBM). IBM OPENBMC has a cross-site scripting vulnerability in version OP910 that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
Crafter CMS Cross-Site Scripting Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A cross-site scripting vulnerability exists in Crafter CMS, which stems from a lack of data validation filtering of user-supplied data and output. An attacker with a Site role could exploit the...
Hexo Cross-Site Scripting Vulnerability
Hexo is a fast, simple and powerful blogging framework from the individual developer Tommy Chen in China. Hexo suffers from a cross-site scripting vulnerability that stems from Hexo's lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Tutor LMS plugin in versions prior to 1.9.9 has a cross-site scripting vulnerability, which stems from the plugin's...
PeerTube Cross-Site Scripting Vulnerability
PeerTube is a decentralized video sharing service platform. PeerTube has a cross-site scripting vulnerability in versions prior to v3.4.0, which stems from the application's lack of user input data validation and filtering of the data at the input location, and could be used by an attacker to...
Deskpro Cross-Site Scripting Vulnerability
Deskpro is a suite of helpdesk software from Deskpro UK. The software includes a customer relationship management component, among other things, and offers features such as e-mail, live chat, and voice. A cross-site scripting vulnerability exists in Deskpro cloud and on-premise Deskpro in version...