5 matches found
CVE-2024-9940
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that...
Sophos UTM Cross-Site Scripting Vulnerability
Sophos UTM is a next-generation firewall. A security vulnerability exists in Sophos UTM versions prior to 9.706. The vulnerability stems from stored XSS that can be executed as an administrator in the quarantine email details view...
Cross site scripting
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /Email/view saved draft message...
EspoCRM Cross-Site Scripting Vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in the views/fields/wysiwyg.js file in EspoCRM version 5.3.6. A remote attacker can...
[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View. During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to Cross Site Scripting attacks in its email view. This enables attackers to send emails with embedded JavaScript code, for exampl...