6022 matches found
CVE-2020-18467
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...
CVE-2021-20809
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable...
CVE-2021-20809
CVE-2021-20809 is a cross-site scripting vulnerability in Movable Type’s Create screens (Entry, Page, Content Type). The issue arises from lack of validation/escaping of user-supplied data, allowing remote attackers to inject arbitrary script or HTML via unspecified vectors. Affected products/ver...
F5 BIG-IP TMUI Remote Command Execution Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A remote command execution vulnerability exists in the F5 BIG-IP TMUI, which can be exploited by an authenticated attacker wi...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
Multiple cross-site scripting vulnerabilities in Movable Type
Overview: Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen (CWE-79) - CVE-2021-20808; Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type (CWE-79) -...
GitLab Security Vulnerability
GitLab is a self-hosted Git repository management application built with Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE 12.6 and...
easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated) | Date: 12/08/2021 | Exploit Author: LionTree | Vendor Homepage: https://github.com/easy-mock | Software Link: https://github.com/easy-mock/easy-mock | Version: 1.5.0-1.6.0 | Tested on: windows 10 (node v8.17.0) | import requests import json...
CVE-2021-37652
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
Description: CSRF bug to create a backup. Proof of Concept: The request below is vulnerable to a CSRF bug which allows creating a database backup: GET /online-invoice/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0...
CVE-2021-28674
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...
jenkins: view name validation bypass
A flaw was found in Jenkins. Due to a lack of validation of the newly created view name, attackers with View/Create permission are allowed to create views with invalid or already-used names...
CVE-2020-23242
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature...
CVE-2020-23242
NavigateCMS 2.9 is affected by a Cross Site Scripting (XSS) vulnerability when using the Create or Edit actions via the Tools feature. The issue is documented across multiple sources (including Red Hat, CNVD, CVE listings) with consistent description: XSS in NavigateCMS 2.9 during Create/Edit in ...
CVE-2021-21442
In the project create screen it's possible to inject malicious JS code into certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19...