106 matches found
CVE-2021-32853 Erxes vulnerable to Cross-site Scripting
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches...
PT-2023-12185 · Erxes · Erxes
Name of the Vulnerable Software and Affected Versions: Erxes versions 0.22.3 and prior. Description: Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting. This results in client-side code execution. The victim must follow a malicious link or be...
CVE-2022-42967
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...
Design/Logic Flaw
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...
CVE-2022-42967
Caret is affected by an XSS vulnerability in the Markdown preview mode that allows client-side code execution when a crafted Markdown file is opened. The issue is described across multiple sources as an XSS in Caret’s Markdown viewer, with impact on confidentiality, integrity, and availability of...
Multiple XSS Vulnerabilities in Queue Condition
Description: Cross-Site Scripting (XSS) vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur in the error message handling of BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22704)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Cross-site scripting vulnerabilities exist ...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22703)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists i...
Car Driving School Management System Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Car Driving School Management System, a driving school management system, which stems from the fact that the product's User Enrollment Form does not effectively filter user input data and can be exploited by attackers to The vulnerability causes...
WordPress Dynamic Widgets plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Dynamic Widgets plugin prior to version 1.5.16,...
Taocms Cross-Site Scripting Vulnerability (CNVD-2022-11522)
Taocms is a micro Cms content management system in China. Taocms suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to execute client-side code...
DayByDay CRM Cross-Site Scripting Vulnerability (CNVD-2022-68549)
DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. A cross-site scripting vulnerability exists in DayByDay CRM. The vulnerability stems from the title field of a new task in the product...
WordPress plugin Wappointment cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Wappointment. The vulnerability...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-100246)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Plugin Events Manager, which stems from the...
Waimai Super Cms Cross-Site Scripting Vulnerability (CNVD-2022-02739)
Waimai Super Cms is a takeaway ordering system. A cross-site scripting vulnerability exists in waimai Super Cms, which originates from the product's /admin.php?&m=Public&a=login link failing to properly process input data. An attacker could cause client-side code execution through this...
Acronis Cyber Protect 15 Cross-Site Scripting Vulnerability (CNVD-2021-100276)
Acronis Cyber Protect is an application that provides unified protection for your network by integrating backup, disaster recovery, artificial intelligence-based malware protection, remote assistance and security into a single, reliable tool. Acronis Cyber Protect 15 suffers from a cross-site scripti...
Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19842)
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the product's web generation page not validating the input data, which could be exploited by an attacker to cause client-side code execution...
GitLab Cross-Site Scripting Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. GitLab suffers from a cross-site scripting vulnerability that stems from the la...