149 matches found
WordPress plugin Booking Calendar 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Booking Calendar. The vulnerability stems from the program not cleaning and...
Zoho ManageEngine SupportCenter Plus 跨站脚本漏洞
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Plus, which stems from the product's failure to validate user identities and could be exploited by attackers to obtain a...
WordPress Easy Social Icons Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Easy Social Icons plugin is a WordPress open source application plugin. WordPress Easy Social Icons plugin in...
WordPress underConstruction cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress underConstruction plugin in version 1.18...
ZTE ZXIPTV Cross-Site Scripting Vulnerability
ZTE ZXIPTV is a set-top box from ZTE ZTE. A cross-site scripting vulnerability exists in ZTE ZXIPTV EASP version 5.06.04.09, which stems from the application's lack of validation of user input data and filtering of input data. The vulnerability can be exploited by an attacker to trick a user into...
JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2022-09231)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions of JetBrains YouTrack prior to 2021.2.17925, which stems from the lack of proper validation of client-side data in the web...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2021-88200)
IBM API Connect is an integrated solution for managing the API lifecycle from IBM USA. The product supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect. The vulnerability stems from the lack of proper...
NCH Quorum 跨站脚本漏洞
NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which could be exploited by attackers to steal cookie-based authentication credentials from victims...
WordPress W3 Total Cache plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache in versions prior to 2.1.4, which stems from a lack of validation of client-side data in the "extension" parameter of t...
Advantech R-SeeNet Cross-Site Scripting Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet, which stems from the lack ...
Joomla! Cross-site scripting vulnerability (CNVD-2021-53938)
A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...
Apache Ambari Cross-Site Scripting Vulnerability (CNVD-2021-14760)
Apache Ambari is an open source Apache application. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A cross-site scripting vulnerability exists in Apache Ambari 2.7.4, which stems from the input in the view is not effectively...
GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17777)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Apache Ambari 跨站脚本漏洞
Apache Ambari is an open source Apache application. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A cross-site scripting vulnerability exists in Apache Ambari 2.7.4, which stems from the input in the view is not effectively...
Twitter TwitterServer Cross-Site Scripting Vulnerability
Twitter TwitterServer is a Scala-based software for building Twitter servers. The software can be used to build a Twitter server through the template, in addition to the server can be managed, monitoring. A cross-site scripting vulnerability exists in Twitter TwitterServer versions prior to 20.12...
Twitter TwitterServer 跨站脚本漏洞
Twitter TwitterServer is a Scala-based software for building Twitter servers. The software can be used to build a Twitter server through the template, in addition to the server can be managed, monitoring. A cross-site scripting vulnerability exists in Twitter TwitterServer versions prior to 20.12...
Starbucks: Singapore - Account Takeover via IDOR
ko2sec discovered that an alternate site shared database and cookie credentials with card.starbucks.com.sg. By exploiting an endpoint on the alternate site, ko2sec was able to copy a PHPSESSID cookie value from that site over to card.starbucks.com.sg and then see user information, update the...
Unspecified Vulnerability in Rukovoditel
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management , customer relationship management and other functions . A security vulnerability exists in Rukovoditel version 2.5.2, which stems from the program storing user...
Cisco Digital Network Architecture Center Cross-Site Scripting Vulnerability (CNVD-2020-04518)
Cisco Digital Network Architecture Center DNA Center is a set of digital network architecture solutions from the U.S. company Cisco Cisco. The program can extend and protect devices, applications, etc. within the network. A cross-site scripting vulnerability exists in Cisco Digital Network...
Intelbras Router WRN150 Cross-Site Scripting Vulnerability
The Intelbras Router WRN150 is a wireless router from Intelbras Brazil. A cross-site scripting vulnerability exists in the Intelbras Router WRN150. An attacker can exploit the vulnerability to execute arbitrary script code in the context of the affected site. This allows an attacker to steal...