130 matches found
CVE-2022-43165
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=globalvars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in contex...
Cybozu Office Cross-Site Scripting Vulnerability
Cybozu Office is a web-based, cross-platform collaborative office solution from Cybozu. Cybozu Office suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to execute scripts to access the cookie JSA_CSRF when set without the HttpOnly flag. (CVE-2021-38879)
Summary: The Jazz Team Server is vulnerable to execute scripts to access the cookie and transmit it to another site when the JSA_CSRF cookie is set without the HttpOnly flag. Vulnerability Details: CVEID: CVE-2021-38879. DESCRIPTION: IBM Jazz Foundation could allow a remote attacke...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
PT-2022-2501 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified). Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an authenticated, remo...
aEnrich a+HRD Security Vulnerability
aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. The aEnrich a+HRD has a security vulnerability that allows an unauthenticated, remote attacker to control the system or disrupt services by uploading and executing malicious scripts using API functions...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
Cross-site Scripting (XSS) - Stored in microweber/microweber
Description: Stored XSS occurs when changing a user's profile. Proof of Concept: XSS PoC: "alertdocument.domain 1. Open https://demo.microweber.org/demo/admin. 2. Go to "Users", "Edit profile". 3. Change the value of "First Name" to the XSS PoC. 4. Refresh. Impact: Through this vulnerability, an...
CVE-2021-44299
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2021-23856 Reflected Cross-Site-Scripting
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL...
CVE-2020-19704
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...
Zammad cross-site scripting vulnerability (CNVD-2021-48885)
Zammad is a Web-based open source helpdesk/customer support system. A cross-site scripting vulnerability exists in Zammad. The vulnerability can be exploited by a remote attacker to execute arbitrary web script or HTML via multiple models containing a "comment" field...
Medium: git
Issue Overview: Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a...
Cross-Site Scripting (XSS)
webkitgtk4 is vulnerable to cross-site scripting. A malicious website may be able to execute scripts in the context of another website...
CVE-2021-1127
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to improper input...
SAP Disclosure Management Code Issue Vulnerability (CNVD-2020-74927)
SAP Disclosure Management is an automated financial disclosure management system from SAP. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. A security vulnerability exists in SAP Disclosure Management version 10.1 that stems fro...
CVE-2020-26828
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload script on target...
SAP Disclosure Management Code Issue Vulnerability
SAP Disclosure Management is an automated financial disclosure management system from SAP. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. A security vulnerability exists in SAP Disclosure Management version 10.1 that stems fro...
Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure Proxy
Summary: Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure Proxy. Vulnerability Details: CVE-ID: CVE-2019-10241. Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A...