22 matches found
Cross-site Scripting (XSS)
Overview org.webjars.npm:echarts is an Apache ECharts is a powerful, interactive charting and data visualization library for browser Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tooltip rendering when both Lines series and tooltip are used without a...
Cross-site Scripting (XSS)
Overview echarts is an Apache ECharts is a powerful, interactive charting and data visualization library for browser Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tooltip rendering when both Lines series and tooltip are used without a user-specified...
CVE-2026-45249 Apache ECharts: XSS in Lines series tooltip rendering
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
CVE-2026-45249 Apache ECharts: XSS in Lines series tooltip rendering
A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...
Photon OS 5.0: Curl PHSA-2026-5.0-0732
An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0732. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Glib PHSA-2025-5.0-0709
An update of the glib package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0709. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
EUVD-2025-201188
A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...
CVE-2025-14006
A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...
CVE-2025-14006 dayrui XunRuiCMS Add Data Validation admind45f74adbd95.php cross site scripting
A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...
CVE-2025-14006
CVE-2025-14006 affects dayrui XunRuiCMS up to version 4.7.1. The vulnerability lies in the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1, where manipulating the argument data[name] enables cross-site scripting. The issue is exploitable remotely and the public exploit has been ...
xunruicms 跨站脚本漏洞
xunruicms is a website builder framework for individual developers of XunRuiCMS. A code injection vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter dataname in the file /admind45f74adbd95.php, and could lead to cross-site...
xunruicms 代码注入漏洞
xunruicms is a website builder framework for individual developers of XunRuiCMS. A code injection vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the parameter dataname in the file /admind45f74adbd95.php, and could lead to cross-site...
PT-2025-49028
Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A security issue exists in dayrui XunRuiCMS. The issue is related to cross site scripting, potentially allowing remote attacks. The manipulation of the dataname argument in the file...
Photon OS 5.0: Docker PHSA-2025-5.0-0667
An update of the docker package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0667. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
SUSE CVE-2023-53483
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devmkzalloc in fchmiscsetup devmkzalloc may fail, clkdata-name might be NULL and will cause a NULL pointer dereference later. rjw: Subject and changelog edits...
CVE-2023-53483
CVE-2023-53483 affects the Linux kernel, specifically the ACPI processor code. The vulnerability arises in fch_misc_setup() where devm_kzalloc() may return NULL and lead to a NULL pointer dereference if clk_data->name is NULL. The CVE entry indicates this issue has been resolved in the Linux k...
CVE-2023-53483 ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devmkzalloc in fchmiscsetup devmkzalloc may fail, clkdata-name might be NULL and will cause a NULL pointer dereference later. rjw: Subject and changelog edits...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
appRain CMF SQL注入漏洞
appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...
SUSE CVE-2017-5938
Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...