
5068 matches found

Prion
added 2022/07/08 5:15 p.m. · 18 views

Cross site scripting

IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430...

CVSS 3.5 · AI score 5.2 · EPSS 0.00428
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2022/07/06 9:34 p.m. · 28 views

Cross-Site Scripting (XSS)

mediawiki is vulnerable to cross-site scripting. The vulnerability exists in the showSuccessPage function in SpecialCreateAccount.php because the username is not properly escaped, which allows an attacker to inject and execute JavaScript...

CVSS 6.1 · AI score 6.3 · EPSS 0.01146
Exploits 0 · References 10 · Affected Software 1

Huntr
added 2022/07/04 6:32 p.m. · 10 views

Improper Link Input Validation leads to Cross-site Scripting (XSS)

Description: The link input validation does not filter the javascript protocol in the href attribute. It allows attackers to inject malicious links into many fields of the website, such as author introduction, user summary, and book description, ... which could execute JavaScript code (XSS). Proof of Concept...

AI score 0.7
Exploits 0

Vulnrichment
added 2022/06/27 7:10 p.m. · 7 views

CVE-2022-31035 External URLs for Deployments can include javascript in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the...

CVSS 9 · AI score 8.4 · EPSS 0.00774
Exploits 0 · References 3

CNNVD
added 2022/06/27 12:0 a.m. · 3 views

parse-url cross-site scripting vulnerability

parse-url is an advanced URL parser with git URL support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0. It stems from the fact that the last fix can be bypassed, and it can be exploited by an attacker to place any malicious JS code on a web page...

CVSS 9.1 · AI score 5.6 · EPSS 0.00322
Exploits 1 · References 3

Positive Technologies
added 2022/06/24 12:0 a.m. · 5 views

PT-2022-10865 · Ibm · Ibm Cognos Analytics +1

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics version 2.0 IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

CVSS 6.1 · AI score 6.4 · EPSS 0.00215
Exploits 0 · References 6

Veracode
added 2022/06/23 3:14 a.m. · 28 views

Cross-site Scripting (XSS)

krayin/laravel-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the v-html parameter in table-body.vue, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 · AI score 2.7 · EPSS 0.0024
Exploits 0 · References 4 · Affected Software 1

Veracode
added 2022/06/22 9:47 a.m. · 30 views

Cross-site Scripting (XSS)

github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS) attacks. The library does not properly validate the url parameter in application-urls.tsx which allows an attacker to inject and execute malicious javascript, capable of creating, modifying, and deleting resources...

CVSS 9 · AI score 6 · EPSS 0.00774
Exploits 0 · References 7 · Affected Software 1

Tenable Nessus
added 2022/06/22 12:0 a.m. · 73 views

SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2134-1 advisory. - ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19...

CVSS 9.8 · AI score 8.3 · EPSS 0.94438
Exploits 47 · References 40

Github Security Blog
added 2022/06/21 8:4 p.m. · 35 views

Argo CD's external URLs for Deployments can include JavaScript

Impact: All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions up to and including admin. The scri...

CVSS 9 · AI score 5.6 · EPSS 0.00774
Exploits 0 · References 5 · Affected Software 2

Veracode
added 2022/06/21 4:14 a.m. · 17 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the type parameter, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 · AI score 6 · EPSS 0.43672
Exploits 1 · References 4 · Affected Software 1

ATTACKERKB
added 2022/06/14 10:15 a.m. · 2 views

CVE-2022-29034

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting XSS attacks...

CVSS 6.1 · AI score 6.2 · EPSS 0.07048
Exploits 3 · References 5

OSV
added 2022/06/14 10:15 a.m. · 2 views

CVE-2022-29034

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting XSS attacks...

CVSS 6.1 · AI score 5.6
Exploits 0 · References 4

CVE
added 2022/06/14 9:21 a.m. · 108 views

CVE-2022-29034

Siemens SINEMA Remote Connect Server is affected for all versions prior to 3.1. The vulnerability is a reflected cross-site scripting (XSS) flaw in the web interface where an error message popup window does not prevent JavaScript injection. Under CVSS3.1, base score 6.1 (NETWORK, LOW attack compl...

CVSS 6.1 · AI score 6.3 · EPSS 0.07048
Exploits 3 · References 4 · Affected Software 1

OSV
added 2022/06/08 10:15 a.m. · 1 views

CVE-2022-1695

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...

CVSS 4.3 · AI score 5.9 · EPSS 0.00103
Exploits 2 · References 1

ATTACKERKB
added 2022/06/08 10:15 a.m. · 4 views

CVE-2022-1695

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...

CVSS 4.3 · AI score 5.9 · EPSS 0.00103
Exploits 2 · References 2

Prion
added 2022/06/08 10:15 a.m. · 14 views

Cross site request forgery (csrf)

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...

CVSS 4.3 · AI score 4.7 · EPSS 0.00103
Exploits 2 · References 1 · Affected Software 1

CNNVD
added 2022/06/08 12:0 a.m. · 5 views

RosarioSIS cross-site scripting vulnerability

RosarioSIS Student Information System, designed for school administration, is designed to meet the most important needs of administrators, teachers, support staff, parents, students and clerical staff, however, it also adds many components not normally found in student information systems. versio...

CVSS 8.8 · AI score 5.2 · EPSS 0.00309
Exploits 1 · References 4

CNNVD
added 2022/06/08 12:0 a.m. · 13 views

WordPress plugin WP Simple Adsense Insertion cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...

CVSS 4.3 · AI score 5.7 · EPSS 0.00103
Exploits 2 · References 2

CNNVD
added 2022/06/06 12:0 a.m. · 4 views

FlatCore-CMS cross-site scripting vulnerability

flatCore-CMS is a PHP and MySQL/SQLite based Web Content Management System (CMS). flatCore-CMS version 2.0.9 is vulnerable to a cross-site scripting (XSS) vulnerability. An attacker could use this vulnerability to inject malicious JavaScript programs, steal cookies from other users, etc...

CVSS 6.1 · AI score 5.3 · EPSS 0.00328
Exploits 1 · References 2