1007 matches found
HTML Injection vulnerability in create tag functionality
Vulnerability Details: In the Microweber CMS, while doing a live edit on the application, we have the option to create a new global tag in the application. While creating a global tag, the "Tag Name" input field doesn't properly get sanitized and it's vulnerable to HTML Injection vulnerability...
Revive Adserver: Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver
Vulnerability description not provided...
Pegasystem PEGA Platform Cross-Site Scripting Vulnerability (CNVD-2023-12002)
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management. Pegasystem Pega Platform suffers...
Pegasystem PEGA Platform Cross-Site Scripting Vulnerability (CNVD-2023-12004)
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management. Pegasystem PEGA Platform has a...
Pegasystem PEGA Platform Cross-Site Scripting Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management. Pegasystem PEGA Platform has a...
CVE-2022-34768
Insert HTML / JS code inside input. How to get to the vulnerable input: Workers worker nickname inject in this input the code...
Input validation
Insert HTML / JS code inside input. How to get to the vulnerable input: Workers worker nickname inject in this input the code...
Moodle Stored XSS and blind SSRF possible via SCORM track details
A stored Cross-site Scripting (XSS) and blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary...
Mozilla Firefox Race Condition Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from insufficient cleaning of user-supplied data, and can be exploited by remote attackers to execute arbitrary HTML and script code in a...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
UBUNTU-CVE-2022-34033
HTMLDoc v1.9.15 was discovered to contain a heap overflow via writeheader /htmldoc/htmldoc/html.cxx:273...
CVE-2022-34160
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...
CVE-2022-34176
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...
TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53541)
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. TrueConf Server version 4.3.7 is vulnerable to a cross-site scripting vulnerability stemming from certain unknown processing of the file /admin/conferences/list/, where parameter ordering...
TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53542)
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. Version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter...
EyouCms Cross-Site Scripting Vulnerability (CNVD-2022-62185)
eyoucms is a content management system. A cross-site scripting vulnerability exists in the eyoucms login page, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessions when malicious...
Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update
The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated user, such as a subscriber, to update them. Open the following HTML code while being logged in as a subscriber, or make any logged in user open it via a CSRF attack...
CVE-2022-24876 Stored cross site scripting in GLPI's Kanban
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scriptin...