Dell Unity 跨站脚本漏洞

Dell Unity is a set of virtual Unity storage environments from Dell USA. A cross-site scripting vulnerability exists in Dell Unity versions prior to 5.4, which can be exploited by an attacker to obtain the victim's cookie-based authentication credentials...

Cups Easy cross-site scripting vulnerability (CNVD-2024-13104)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from a failure to adequately escape the flatamount parameter on the /cupseasylive/taxstructurelinecreate.php page. An...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11125)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the costcenterid parameter on the /cupseasylive/costcentercreate.php page. An attacker...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11128)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/countrylist.php page. An attacker could...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11130)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencycreate.php page. An attacker coul...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11129)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the countryid parameter on the /cupseasylive/countrymodify.php page. An attacker could...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11146)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statelist.php page. An attacker could us...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11148)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the batchno parameter on the /cupseasylive/stock.php page. An attacker could use this...

Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/taxstructurecreate.php page. An attacker...

CVE-2023-50725

A cross-site scripting flaw was found in Resque due to improper validation of user-supplied input by the resque-web failed and queues lists. This issue could allow a remote authenticated attacker to use a specially crafted URL to execute script in a victim's web browser within the security contex...

Security Bulletin: Multiple vulnerabilities in jQuery affect IBM Tivoli Netcool Impact

Summary jQuery is shipped with IBM Tivoli Netcool Impact as part of its user interface. Information about security vulnerabilities affecting jQuery has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site...

Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability (CNVD-2023-101676)

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 on-premises,...

Cross site scripting

HCL Connections is vulnerable to reflected cross-site scripting XSS where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal...

CVE-2023-37533 HCL Connections is vulnerable to reflected cross-site scripting

HCL Connections is vulnerable to reflected cross-site scripting XSS where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal...

Microsoft Dynamics 365 跨站脚本漏洞

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. Microsoft Dynamics 365 on-premises cross-site scripting vulnerability can be...

Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing

Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

Webmin 跨站脚本漏洞

Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site scripting vulnerability exists in Webmin. The vulnerability is due to a file manager function that incorrectly validates user-supplied input. An attacker could use this...

CVE-2023-3978

A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...

HCL Technologies BigFix Mobile 跨站脚本漏洞

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. A cross-site scripting vulnerability exists i...