Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2021-84244)

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability (CNVD-2021-76088)

PortlandLabs Concrete Cms is a team-oriented open source content management system for the United States PortlandLabs . A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS that stems from the failure of the website field of the product's podcast comment feature to properly...

WordPress plugin cross-site scripting vulnerability (CNVD-2021-100233)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . The WordPress Post Title Counter plugin suffers from a...

DELL Dell EMC iDRAC9 Cross-Site Scripting Vulnerability (CNVD-2021-94891)

DELL Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A cross-site scripting vulnerability exists in Dell EMC iDRAC9 in versions prior to...

Arcgis Server Services Stored Cross-Site Scripting Vulnerability

Arcgis Server is the United States Esri company's a Web-oriented can be used to provide geographic location services, enterprise-class software platform. A stored cross-site scripting vulnerability exists in the Arcgis Server Services Directory, which arises from the platform not validating user...

IceWarp WebClient Cross-Site Scripting Vulnerability

Icewarp IceWarp WebClient is a web-based mail service client from IceWarp Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calender feature not validating user input data. The vulnerability can be exploited to execut...

QNAP Qcenter Cross-Site Scripting Vulnerability

Qnap Systems QCenter is a centralized management platform from China Weilian Qnap Systems that allows you to consolidate the management of multiple QNAP NAS. A cross-site scripting vulnerability exists in QNAP Qcenter in version 1.11.1004 and earlier versions, which stems from the product's lack ...

WordPress plugin Smart Slider 'name' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Smart Slider 'name',...

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-40769)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab tha...

PageLayer Cross-Site Scripting Vulnerability

PageLayer is a WordPress page builder plugin. It is very easy to use and lightweight on the browser. A cross-site scripting vulnerability exists in PageLayer, which stems from a lack of proper validation of client-side data in PageLayer prior to 1.3.5. An attacker can exploit this vulnerability t...

WordPress plugin cross-site scripting vulnerability (CNVD-2021-41081)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in the...

noobaa-core cross-site scripting vulnerability

noobaa-core is the application that provides an S3 object storage interface with flexible tiering, mirroring, and distributed placement policies for any storage resource that allows GET/PUT, including S3, GCS, Azure Blob File System, and more. A cross-site scripting vulnerability exists in...

CVE-2021-22195

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system...

CVE-2021-22195

CVE-2021-22195 affects the GitLab VSCode extension (gitlab-vscode-extension) v3.15.0 and earlier. It enables client-side code execution, allowing an attacker to run code on the user’s system. The connected documents corroborate vulnerable component and impact but do not provide exploit steps, spe...

Micro Focus Solutions Business Manager Cross-Site Scripting Vulnerability (CNVD-2021-17221)

Micro Focus Solutions Business Manager SBM, Serena Business Manager is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A cross-site...

F5 BIG-IP AFM Cross-Site Scripting Vulnerability (CNVD-2021-13213)

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A cross-site scripting vulnerability exists in BIG-IP AFM, which originates from the lack of proper validation of client data by a WEB application. An attacker can exploit this vulnerability to execute...

Open Build Service Cross-Site Scripting Vulnerability

Open Build Service OBS is a general-purpose system for building and distributing packages from source code in an automated, consistent, and repeatable manner, organized by the Open Build Service. A cross-site scripting vulnerability exists in Open Build Service that stems from a lack of proper...

Apache MyFaces Cross-Site Request Forgery Vulnerability

Apache MyFaces Trinidad is a U.S. Apache Apache Foundation contains a large number of enterprise-class component libraries and support for attachment JSF framework. A cross-site request forgery vulnerability exists in Apache MyFaces. The vulnerability stems from a lack of proper validation of...

F5 BIG-IP AFM 跨站脚本漏洞

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A cross-site scripting vulnerability exists in BIG-IP AFM, which originates from the lack of proper validation of client data by a WEB application. An attacker can exploit this vulnerability to execute...

OpenCATS Cross-Site Scripting Vulnerability (CNVD-2021-09918)

OpenCATS is a free open source candidate/applicant tracking system designed to allow recruiters to manage the hiring process from job posting and candidate application to candidate selection and submission. A cross-site scripting vulnerability exists in OpenCATS 0.9.5-3 and earlier versions. An...