
5839 matches found

AlpineLinux
added 2022/07/26 9:33 p.m. | 48 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

CVSS 6.1 | AI score 6.5 | EPSS 0.00662
Exploits: 1
CNVD
added 2022/07/26 12:0 a.m. | 21 views

WordPress Testimonials plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Testimonials plugin is vulnerable to a cross-site scripting vulnerability that stems from t...

CVSS 5.4 | AI score 2.1 | EPSS 0.00457
Exploits: 0 | References: 1
ATTACKERKB
added 2022/07/25 7:15 p.m. | 4 views

CVE-2022-35872

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 7.8 | AI score 7.5 | EPSS 0.00631
Exploits: 0 | References: 3
NVD
added 2022/07/25 7:15 p.m. | 20 views

CVE-2022-35870

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVSS 8.8 | EPSS 0.43103
Exploits: 0 | References: 2
NVD
added 2022/07/25 1:15 p.m. | 25 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

CVSS 8.8 | EPSS 0.01189
Exploits: 1 | References: 1
CVE
added 2022/07/25 12:46 p.m. | 70 views

CVE-2022-1539

The CVE-2022-1539 entry concerns the WordPress Exports and Reports plugin (versions prior to 0.9.2). The connected documents confirm the vulnerability arises from the plugin not sanitizing/validating data when generating CSV exports, enabling CSV injection via Excel DDE and potential data leakage...

CVSS 8.8 | AI score 8.6 | EPSS 0.01189
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2022/07/25 12:0 a.m. | 3 views

WordPress plugin Exports and Reports Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 8.8 | AI score 7.8 | EPSS 0.01189
Exploits: 1 | References: 2
CNNVD
added 2022/07/22 12:0 a.m. | 15 views

WordPress plugin Testimonials Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Testimonials plugin is vulnerable to a cross-site scripting vulnerability that stems from t...

CVSS 5.4 | AI score 5.6 | EPSS 0.00457
Exploits: 0 | References: 3
CNVD
added 2022/07/21 12:0 a.m. | 21 views

IBM Sterling Partner Engagement Manager Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in IBM Sterling Partner Engagement Manager, an automation management tool from IBM. IBM Sterling Partner Engagement Manager stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to...

CVSS 5.4 | AI score 2.2 | EPSS 0.00414
Exploits: 0 | References: 1
CNVD
added 2022/07/21 12:0 a.m. | 60 views

Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...

CVSS 6.1 | AI score 1.9 | EPSS 0.03673
Exploits: 0 | References: 1
CNVD
added 2022/07/20 12:0 a.m. | 19 views

IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability (CNVD-2022-87649)

IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. All versions of IBM Engineering Requirements Quality Assistant are vulnerable to a cross-site scripting vulnerability that stems from a...

CVSS 5.4 | AI score 2.9 | EPSS 0.00421
Exploits: 0 | References: 1
CNNVD
added 2022/07/19 12:0 a.m. | 4 views

IBM Sterling Partner Engagement Manager Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in IBM Sterling Partner Engagement Manager, an automation management tool from IBM. IBM Sterling Partner Engagement Manager stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to...

CVSS 5.4 | AI score 5.5 | EPSS 0.00414
Exploits: 0 | References: 3
CNNVD
added 2022/07/19 12:0 a.m. | 20 views

Moodle Cross-Site Scripting Vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...

CVSS 6.1 | AI score 5.2 | EPSS 0.03673
Exploits: 0 | References: 8
CNVD
added 2022/07/18 12:0 a.m. | 23 views

IBM WebSphere Application Server Cross-Site Scripting Vulnerability

IBM WebSphere Application Server WAS is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WebSphere...

CVSS 6.1 | AI score 6 | EPSS 0.00495
Exploits: 0 | References: 1
CNVD
added 2022/07/18 12:0 a.m. | 27 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS 5.4 | AI score 5.2 | EPSS 0.00421
Exploits: 0 | References: 1
CNVD
added 2022/07/18 12:0 a.m. | 13 views

Simple e-Learning System Cross-Site Scripting Vulnerability

Simple e-Learning System is a simple e-learning system from Carlo Montero's personal developer. Version 1.0 of Simple e-Learning System is vulnerable to a cross-site scripting vulnerability that stems from the lack of a Bio parameter in the file /vcs/claireblake to filter the user-supplied data a...

CVSS 5.4 | AI score 2.9 | EPSS 0.00479
Exploits: 1 | References: 1
OSV
added 2022/07/15 7:15 p.m. | 5 views

CVE-2021-34987

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 49187. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVSS 8.2 | AI score 6.2 | EPSS 0.00308
Exploits: 0 | References: 2
CNVD
added 2022/07/15 12:0 a.m. | 21 views

Synology Calendar Cross-Site Scripting Vulnerability (CNVD-2022-67855)

Synology Calendar is a file protection program from Synology Inc. of Taiwan, China that runs on Synology NAS Network Storage Server devices. A cross-site scripting vulnerability exists in Synology Calendar versions prior to 2.4.5-10930. The vulnerability stems from the program's lack of data...

CVSS 6.5 | AI score 5.4 | EPSS 0.00484
Exploits: 0 | References: 1
Zero Day Initiative
added 2022/07/15 12:0 a.m. | 44 views

Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVSS 7.8 | AI score 4.6 | EPSS 0.00761
Exploits: 0 | References: 1
CNVD
added 2022/07/15 12:0 a.m. | 19 views

IBM i Cross-Site Scripting Vulnerability (CNVD-2022-83587)

IBM i is a set of operating systems from IBM running in IBM Power Systems and IBM PureSystems. IBM i versions 7.2, 7.3, 7.4, and 7.5 have a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploi...

CVSS 5.4 | AI score 4.3 | EPSS 0.00421
Exploits: 0 | References: 1