143 matches found
LightCMS cross-site scripting vulnerability
Jianhua Sun LightCMS is an open source application from Jianhua Sun. Jianhua Sun LightCMS v1.3.11 contains a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data. An attacker could exploit the vulnerability to execute JavaScript cod...
Shopware cross-site scripting vulnerability
Shopware is open source e-commerce software from the German company Shopware. A cross-site scripting vulnerability exists in Shopware versions prior to 5.7.12, which stems from a lack of validation and filtering of user-supplied and output data during login authentication. An attacker can exploit this...
WordPress plugin WordPress Security cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WordPress Security plugin versions prior to 4.2.1 have a cross-site scripting vulnerability that...
CVE-2022-2105
CVE-2022-2105 affects Secheron SEPCOS Control and Protection Relay. Affected firmware: SEPCOS Single Package before 1.23.22, before 1.24.8, and before 1.25.3. Vulnerability: Improper Enforcement of Behavioral Workflow (CWE-841) allowing bypass of client-side JavaScript controls to change credenti...
CVE-2022-2105 Secheron SEPCOS Control and Protection Relay
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
CVE-2022-1667 Secheron SEPCOS Control and Protection Relay
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC e.g., from the browser console or by loading the corresponding, browser accessible PHP script...
CVE-2022-1667
CVE-2022-1667 affects Secheron SEPCOS Control and Protection Relay. Vulnerability: client-side JavaScript controls can be bypassed to reboot the PLC via browser console or browser-accessible PHP script, enabling an availability impact. Affects SEPCOS firmware prior to 1.23.21, 1.24.x prior to 1.2...
PortlandLabs Concrete CMS cross-site scripting vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS, which originates in /dashboard/blocks/stacks/view details. The vulnerability stems from the lack of data validation...
Jenkins cross-site scripting vulnerability
Jenkins is an open source application. As an open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins suffers from a cross-site scripting vulnerability that stems from the fact that the help icon does not...
74cms cross-site scripting vulnerability
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from a lack of validation and filtering of user-supplied data and output at the path /company/account/safety/trade. An...
Jenkins cross-site scripting vulnerability
Jenkins is an open source application. As an open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...
Jenkins Plugin Hidden Parameter cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to escape the name and description of t...
Red Hat OpenShift cross-site scripting vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat that supports building, testing, deploying, and running applications. JavaScript code on the client side...
NUUO Network Video Recorder cross-site scripting vulnerability
NUUO Network Video Recorder is a network video recorder from NUUO in Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo v03.06.02, which can be exploited by an attacker to execute JavaScript code on the client side...
flatCore cross-site scripting vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A cross-site scripting vulnerability exists in flatCore version 2.0.8, which stems from a lack of validation and filtering of user-supplied and output data in the Create New Page option of the index page. An attacker can...
WordPress plugin Slideshow CK cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. cross-site scripting...
WordPress plugin Video Slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of the WordPress Video Slider plugin prior to 1.4.8,...
Jfinal CMS cross-site scripting vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. A cross-site scripting vulnerability exists in Jfinal CMS v5.1.0. The vulnerabili...
WordPress Quotes llama plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...