1017 matches found

Packet Storm
added 2021/11/10 12:0 a.m., 544 views

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting

Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...

AI score 6.4, EPSS 0.79282
Exploits 3

BDU FSTEC
added 2021/10/27 12:0 a.m., 4 views

The vulnerability of the WordPress website content management system is related to the lack of measures taken to protect the website’s structure, allowing attackers to inject arbitrary Web or HTML code.

The vulnerability of the WordPress website content management system is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code...

CVSS 5.4, AI score 6, EPSS 0.00794
Exploits 0, References 3, Affected Software 1

NVD
added 2021/10/05 3:15 p.m., 18 views

CVE-2021-41555

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...

CVSS 6.1, EPSS 0.00745
Exploits 0, References 1

Redos
added 2021/09/08 12:0 a.m., 13 views

ROS-2-1198

2.1198 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

CVSS 7.5, AI score 8.4, EPSS 0.95785
Exploits 5

Redos
added 2021/09/08 12:0 a.m., 13 views

ROS-2-877

2.877 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

CVSS 7.5, AI score 8.4, EPSS 0.01157
Exploits 0

Redos
added 2021/09/08 12:0 a.m., 9 views

ROS-2-1276

2.1276 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

CVSS 8.1, AI score 8.4, EPSS 0.06305
Exploits 1

CNVD
added 2021/08/05 12:0 a.m., 31 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62969)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVSS 6.1, AI score 6.2, EPSS 0.0098
Exploits 0, References 1

CNVD
added 2021/08/05 12:0 a.m., 23 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62976)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVSS 5.4, AI score 0.2, EPSS 0.00675
Exploits 0, References 1

CNVD
added 2021/08/05 12:0 a.m., 14 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62970)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

CVSS 5.4, AI score 0.5, EPSS 0.00675
Exploits 0, References 1

Hacker One
added 2021/06/26 12:2 a.m., 18 views

MTN Group: XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

PoC https://videostore.mtnonline.com/GL/MyAccount.aspx?PId=126&CID=5&OprId=11%27 Symbols are not filtered, which allows injecting HTML code. F1353609 Impact XSS at videostore.mtnonline.com...

AI score 2.7
Exploits 0

Hacker One
added 2021/06/25 11:32 p.m., 12 views

MTN Group: XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

PoC http://nextapps.mtnonline.com/search/suggest/q/xss1337 Symbols are not filtered, which allows injecting HTML code. Response has content-type: text/html F1353600 Impact XSS at nextapps.mtnonline.com...

AI score 6.9
Exploits 0

BDU FSTEC
added 2021/06/10 12:0 a.m., 4 views

The vulnerability of the online business analytics service IBM Cognos Analytics, related to improper code generation management, allows a perpetrator to execute arbitrary HTML code.

The vulnerability of the online business analytics service IBM Cognos Analytics is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

CVSS 7.1, AI score 7.5, EPSS 0.0273
Exploits 0, References 4, Affected Software 1

NVD
added 2021/06/01 2:15 p.m., 25 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...

CVSS 8.8, EPSS 0.0273
Exploits 0, References 3

Prion
added 2021/06/01 2:15 p.m., 17 views

Hardcoded credentials

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...

CVSS 6.8, AI score 8.2, EPSS 0.0273
Exploits 0, References 3, Affected Software 1

Cvelist
added 2021/05/31 3:10 p.m., 33 views

CVE-2020-4520

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...

CVSS 7.1, AI score 8.3, EPSS 0.0273
Exploits 0, References 3

NVD
added 2021/04/28 3:15 p.m., 10 views

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS 6.1, EPSS 0.00808
Exploits 2, References 2

Prion
added 2021/04/28 3:15 p.m., 17 views

Design/Logic Flaw

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

CVSS 4.3, AI score 6.4, EPSS 0.00808
Exploits 2, References 2, Affected Software 1

Cvelist
added 2021/04/28 2:46 p.m., 13 views

CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...

AI score 6.5, EPSS 0.00808
Exploits 2, References 2

CVE
added 2021/04/28 2:46 p.m., 54 views

CVE-2020-21993

CVE-2020-21993 is a reflected cross-site scripting vulnerability in WEMS Limited Enterprise Manager 2.58. It arises from the GET parameter email not being properly sanitized before being echoed back to the user, enabling arbitrary HTML to execute in a victim’s browser in the context of the affect...

CVSS 6.1, AI score 6.5, EPSS 0.00808
Exploits 2, References 2, Affected Software 1

Prion
added 2021/04/08 4:15 a.m., 21 views

Design/Logic Flaw

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

CVSS 4.3, AI score 4.8, EPSS 0.00925
Exploits 0, References 1