106 matches found
Wordpress Hashtagger Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the Wordpress Hashtagger plugin that stems...
WordPress plugin Custom Global Variables 'name' cross-site scripting vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Custom Global Variables...
QNAP Systems TS-870 Cross-Site Scripting Vulnerability
QNAP Systems TS-870 is a NAS Network Attached Storage appliance from China Weilian QNAP Systems. A cross-site scripting vulnerability exists in PhotoStation Filenames in the QNAP Systems TS-870 using firmware version 4.3.4.0486. The vulnerability stems from a lack of proper validation of client...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-26076)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A cross-site scripting vulnerability exists in the SVG file preview in GitLab, which can be exploit...
SilverStripe Advanced Reports Cross-Site Scripting Vulnerability
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A cross-site scripting vulnerability exists in SilverStripe Advanced Reports module...
Cross-Site Scripting in jquery
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors wh...
jsPDF cross-site scripting vulnerability
jsPDF is a JavaScript-based PDF document generation library . A cross-site scripting vulnerability exists in all versions of jsPDF. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute client-si...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2021-17781)
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.2.11, 1.3.x prior to 1.3.14 and 1.4.x prior to 1.4.7. The...
Froala WYSIWYG HTML Editor Cross-Site Scripting Vulnerability
Froala WYSIWYG HTML Editor is a U.S. Froala company's Web-based WYSIWYG rich text editor . A cross-site scripting vulnerability exists in Froala WYSIWYG HTML Editor versions 3.0.6 through 3.1.1. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. A...
Red Hat Keycloak Cross-Site Scripting Vulnerability (CNVD-2021-17784)
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak. The vulnerability stems from a lack of proper authentication of client-side da...
Adobe Magento WebForms Pro M2 Cross-Site Scripting Vulnerability
Adobe Magento is the United States Odo than Adobe company's set of open source PHP e-commerce system . The system provides rights management , search engines and payment gateways , etc. WebForms Pro M2 is used in which a form to build extensions . Adobe Magento 2 in the WebForms Pro M2 version...
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...
SolarWinds Orion Platform Cross-Site Scripting Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability (CNVD-2021-39049)
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...
Kordil EDMS Cross-Site Scripting Vulnerability
Kordil EDMS is an open source electronic document management system of the Turkish company Kordil . The system supports features such as document management and document control. A cross-site scripting vulnerability exists in the usersedit.php file, usersmanagementedit.php file, and...
CVE-2020-13279
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...
CVE-2020-13279
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system...
Wiki.js Cross-Site Scripting Vulnerability
Wiki.js is Requarks.io team of a set of Node.js-based and written in JavaScript language open source Wiki software . A cross-site scripting vulnerability exists in Wiki.js versions prior to 2.4.107. The vulnerability stems from the WEB application's lack of proper validation of client-side data. ...
MONITORAPP AIWAF-VE and AIWAF-4000 Cross-Site Scripting Vulnerabilities
Monitorapp AIWAF-4000 is an application firewall from MONITORAPP Monitorapp, USA. A cross-site scripting vulnerability exists in MONITORAPP AIWAF-VE and AIWAF-4000 2020-06-16 and earlier versions. The vulnerability stems from a lack of proper validation of client data by the WEB application. An...
MISP Cross-Site Scripting Vulnerability (CNVD-2021-08165)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolvedattributes.ctp...