8222 matches found
Cross site scripting
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...
Cross site scripting
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
Cross site scripting
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9734
The CVE-2020-9734 issue affects Adobe Experience Manager (AEM) Forms add-on versions 6.5.5.0 and earlier and 6.4.8.1 and earlier. It is a stored XSS vulnerability that lets users with Author privileges store scripts in Forms fields, which could be executed in a victim’s browser when opening the a...
CVE-2020-9734 Stored XSS in AEM Forms component
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9741 Stored XSS in AEM Forms Components
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9741
The CVE-2020-9741 entry concerns Adobe Experience Manager (AEM) Forms add-on vulnerabilities. Affected versions: AEM Forms add-on 6.5.5.0 (and below) and 6.4.8.2 (and below). The issue is a stored XSS in fields associated with the Forms component, exploitable by users with Author privileges. When...
CVE-2020-9732 Stored XSS in AEM Sites Components
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...
CVE-2020-9732
CVE-2020-9732 affects Adobe Experience Manager (AEM) Forms add-on for versions 6.5.5.0 and earlier and 6.4.8.2 and earlier. Root cause is a stored XSS in fields for the Sites component, allowing an author to store malicious scripts that execute in a viewer’s browser when the vulnerable page is op...
CVE-2020-6313
SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...
CVE-2020-6313
SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...
Cross site scripting
SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...
CVE-2020-6313
CVE-2020-6313 affects SAP NetWeaver Application Server Java (XML Forms) on versions 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs, enabling an authenticated user with special roles to store content that, when accessed by a victim, can execute JavaScript...
CVE-2020-6313
SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...
Adobe Experience Manager (AEM) Forms Stored Cross-Site Scripting Vulnerability
Adobe Experience Manager AEM Forms is an enterprise document and forms platform that lets you capture and process information, deliver personalized communications, and protect and track sensitive information. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM Forms...
Adobe Experience Manager (AEM) Forms stored cross-site scripting vulnerability (CNVD-2020-52155)
Adobe Experience Manager AEM Forms is an enterprise document and forms platform that lets you capture and process information, deliver personalized communications, and protect and track sensitive information. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM Forms...
RLSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...
PT-2020-4018 · Microsoft +1 · Xamarin.Forms +1
Name of the Vulnerable Software and Affected Versions: Microsoft Xamarin.Forms versions prior to 83.0.4103.106 Description: A spoofing issue exists due to the default settings on Android WebView, allowing an attacker to execute arbitrary Javascript code on a target system. The attack requires the...
APSB20-56 Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager AEM and the AEM Forms add-on package. These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...
Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS
Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. PoC High-privileged user Editor+ can exploit XSS via Add New Form...