1007 matches found
CVE-2021-41555
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML cod...
ROS-2-1198
2.1198 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-877
2.877 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1276
2.1276 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62970)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62976)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62969)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
MTN Group: XSS at videostore.mtnonline.com/GL/*.aspx via all parameters
PoC https://videostore.mtnonline.com/GL/MyAccount.aspx?PId=126&CID=5&OprId=11%27 Symbols are not filtered, which allows injecting HTML code. F1353609 Impact XSS at videostore.mtnonline.com...
MTN Group: XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}
PoC http://nextapps.mtnonline.com/search/suggest/q/xss1337 Symbols are not filtered, which allows injecting HTML code. Response has content-type: text/html F1353600 Impact XSS at nextapps.mtnonline.com...
CVE-2020-4520
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...
Hardcoded credentials
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...
CVE-2020-21993
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...
Design/Logic Flaw
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...
CVE-2020-21993
CVE-2020-21993 is a reflected cross-site scripting vulnerability in WEMS Limited Enterprise Manager 2.58. It arises from the GET parameter email not being properly sanitized before being echoed back to the user, enabling arbitrary HTML to execute in a victim’s browser in the context of the affect...
Design/Logic Flaw
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
CVE-2021-1420
CVE-2021-1420 refers to an HTML injection vulnerability in Cisco Webex Meetings pages. The issue arises from improper validation/checks of parameter values, allowing an unauthenticated, remote attacker to persuade a user to follow a crafted link that injects HTML into an affected parameter. This ...
Regular Expression Denial Of Service (ReDoS)
ckeditor5 is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability and crash the system by submitting malicious HTML code via the parse.js function...
Cross Site Scripting vulnerability allows injecting HTML code into table edits
h3. Issue Summary Cross Site Scripting vulnerability allows injecting HTML code into table edits h3. Steps to Reproduce Edit a page Then access the Insert macro 'Info' option. A new window will open, in which the Preview option must be selected. With the help of an intermediate proxy such as burp...