2994 matches found
School Registration And Fee System 1.0 Cross Site Scripting
Exploit Title: School Registration and Fee System | Multiple Stored Cross Site Scripting Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0...
Red Hat Descision Manager 7 安全漏洞
Red Hat Descision Manager 7 is an application system from Red Hat, Inc. It provides a powerful, scalable, open source business rules management system that also includes business resource optimization and complex event processing CEP technologies. A security vulnerability exists in Red Hat...
Adobe InDesign 跨站脚本漏洞
Adobe Acs-aem-commons is a Java-based codebase for AEM/CQ code collections generated according to AEM by Adobe in the United States. A security vulnerability exists in Adobe ACS Commons that stems from a failure to properly handle invalid JCR characters, which can be exploited by an attacker to...
Acronis: Cross Site Scripting (Reflected) on https://www.acronis.cz/
Summary You can post javascript and html code in form fields steps : 1-go to vulnerability link : https://www.acronis.cz/poptavka-acronis/ 2- enter this javascript code "alert1; in form field for xss and enter Test for html injection. Impact Impact 1- Cookie stealing 2- Pishing attacks 3- URL...
Acronis: Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/
Vulnerability description not provided...
CVE-2020-24445
AEM's Cloud Service offering, as well as version 6.5.6.0 and below, are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
CVE-2020-24445
AEM's Cloud Service offering, as well as version 6.5.6.0 and below, are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
Cross site scripting
AEM's Cloud Service offering, as well as version 6.5.6.0 and below, are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
GHSA-8QH7-XW58-3WW7 Malicious Package in radic-util
Version 1.0.2 of radic-util contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate you...
GHSA-28F8-HQMC-7PH8 Malicious Package in ember-power-timepicker
Version 1.0.8 of ember-power-timepicker contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
Malicious Package in ember-power-timepicker
Version 1.0.8 of ember-power-timepicker contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
Malicious Package in angular-location-update
Version 0.0.3 of angular-location-update contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
Cross site scripting
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
GHSA-CHH2-RVHG-WQWR Malicious Package in json-serializer
Version 2.0.10 of json-serializer contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate...
Malicious Package in bmap
Version 1.0.3 of bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you will want t...
Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
Malicious Package in @fangrong/xoc
Version 1.0.6 of @fangrong/xoc contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-78P3-96HC-3J47 Malicious Package in jquery-airload
Version 0.2.5 of jquery-airload contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
Malicious Package in jquery-airload
Version 0.2.5 of jquery-airload contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-377F-VVRC-9WGG Malicious Package in zemen
Version 0.0.5 of zemen contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also recommended t...