868 matches found
CVE-2022-42967
Caret is affected by an XSS vulnerability in the Markdown preview mode that allows client-side code execution when a crafted Markdown file is opened. The issue is described across multiple sources as an XSS in Caret’s Markdown viewer, with impact on confidentiality, integrity, and availability of...
PT-2023-14164 · Caret · Caret
Name of the Vulnerable Software and Affected Versions: Caret (affected versions not specified). Description: The issue is related to an XSS attack that occurs when a user opens a crafted Markdown file with preview mode enabled, leading to client-side code execution. Recommendations: At the moment,...
Multiple XSS Vulnerabilities in Queue Condition
Description: Cross-Site Scripting (XSS) vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...
CVE-2022-3853 Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application...
MGASA-2022-0436 Updated dropbear packages fix security vulnerability
Updated dropbear package fixes a security vulnerability in dbclient. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measure...
Mozilla Firefox Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozilla Firefox. An attacker could exploit the vulnerability to execute client-side code...
Fortinet FortiADC Cross-Site Scripting Vulnerability (CNVD-2023-02489)
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A cross-site scripting vulnerability exists in Fortinet FortiADC, which stems from incorrectly neutralizing input during web page generation. An attacker could exploit this vulnerability to execute client-side code...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side...
CVE-2022-24692
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2022-55670)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...
CVE-2022-23165
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...
Cross site scripting
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...
ZZCMS Cross-Site Scripting Vulnerability (CNVD-2022-71404)
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS 2021 is vulnerable to a cross-site scripting vulnerability that originates from a lack of restriction and filtering of user parameters in admanage.php. An attacker could exploit this vulnerability to execute client-side...
Zoho ManageEngine Netflow Analyzer Professional Cross-Site Scripting Vulnerability
ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine Netflow Analyzer Professional version 7.0.0.2, which stems from the lack of proper validation of client-side data by the web application and...
SourceCodester College Website Management System SQL Injection Vulnerability
SourceCodester College Website Management System is an application of SourceCodester, Inc. SourceCodester College Website Management System version 1.0 is vulnerable to SQL injection, which originates from the lack of user-supplied data and output data in the id parameter of...
Orchard Core Cross-Site Scripting Vulnerability
Net Core, an open source modular and multi-tenant application framework built using ASP.NET Core, and a content management system (CMS) built on top of the framework. A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22704)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Cross-site scripting vulnerabilities exist ...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-22703)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Cross-site scripting vulnerability exists i...
WordPress Dynamic Widgets plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Dynamic Widgets plugin prior to version 1.5.16,...
Car Driving School Management System Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Car Driving School Management System, a driving school management system, which stems from the fact that the product's User Enrollment Form does not effectively filter user input data and can be exploited by attackers to The vulnerability causes...