IceWarp WebClient Cross-Site Scripting Vulnerability

Icewarp IceWarp WebClient is a web-based mail service client from IceWarp Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calender feature not validating user input data. The vulnerability can be exploited to execut...

PbootCMS 跨站脚本漏洞

PbootCMS is an open source enterprise building content management system CMS using PHP language developed by PbootCMS individual developers. PbootCMS suffers from a cross-site scripting vulnerability that stems from the product's admin.php page not properly validating client-side data. An attacke...

Joomla! Cross-site scripting vulnerability (CNVD-2021-53938)

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

Joomla! 跨站脚本漏洞

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

CVE-2021-22223

Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...

CVE-2021-22223

Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link...

CVE-2021-22223

GitLab CE/EE vulnerable to Client-Side code injection via feature flag names (CVE-2021-22223). Affected versions: 11.9 up to before 14.0.2. Root cause: crafted feature flag name allows PUT requests on behalf of other users when a link is clicked. Impact: an attacker could perform actions on behal...

SmarterTools SmarterMail 跨站脚本漏洞

Smartertools SmarterTools SmarterMail is a set of mail server software from SmarterTools Smartertools, USA. The software supports spam filtering, statistics, simple mail transfer protocol SMTP authentication and other features. A cross-site scripting vulnerability exists in SmarterTools SmarterMa...

Cacti 跨站脚本漏洞

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . Cacti suffers from a cross-site scripting vulnerability that exists...

U.S. Dept Of Defense: Cross site scripting

Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. Impact Malicious...

QNAP Qcenter Cross-Site Scripting Vulnerability

Qnap Systems QCenter is a centralized management platform from China Weilian Qnap Systems that allows you to consolidate the management of multiple QNAP NAS. A cross-site scripting vulnerability exists in QNAP Qcenter in version 1.11.1004 and earlier versions, which stems from the product's lack ...

Plone Cross-Site Scripting Vulnerability (CNVD-2021-46652)

Plone is an open source content management system CMS built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

Plone 跨站脚本漏洞

Plone is an open source content management system CMS built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

WordPress plugin Smart Slider 'name' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Smart Slider 'name',...

Shopware 跨站脚本漏洞

Shopware is an open source e-commerce platform. A cross-site scripting vulnerability exists in Shopware versions prior to 5.6.10. An attacker can exploit this vulnerability to inject malicious script into Administration to execute client-side code...

Trace Financial CRESTBridge Cross-Site Scripting Vulnerability (CNVD-2021-61763)

CRESTBridge is a resilient, feature-rich interface for Trace Financial.A cross-site scripting vulnerability exists in Trace Financial CRESTBridge, which can be exploited by attackers to execute client-side code...

Trace Financial Crest Bridge Cross-Site Scripting Vulnerability

CRESTBridge is a resilient, feature-rich interface for Trace Financial.A cross-site scripting vulnerability exists in Trace Financial Crest Bridge, which can be exploited by attackers to execute client-side code...

Backdoor.Win32.Zombam.gen Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Cross Site Scripting XSS Description: Zombam malware listen...

Trace Financial Crest Bridge 跨站脚本漏洞

CRESTBridge is a resilient, feature-rich interface for Trace Financial.A cross-site scripting vulnerability exists in Trace Financial Crest Bridge, which can be exploited by attackers to execute client-side code...

Trace Financial CRESTBridge 跨站脚本漏洞

CRESTBridge is a resilient, feature-rich interface for Trace Financial.A cross-site scripting vulnerability exists in Trace Financial CRESTBridge, which can be exploited by attackers to execute client-side code...