CVE-2020-25631

A flaw was found in Moodle in versions 3.9 to 3.9.1, 3.8 to 3.8.4, and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This issue is fixed in versions 3.9.2, 3.8.5, and 3.7.8...

IBM Jazz Team Server 跨站脚本漏洞

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

Cross-site Scripting in OctoPrint

Cross-site Scripting XSS - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for javascript injection which may lead to account takeover in a phishing scenario...

GHSA-X7R7-WMJ8-VV5G Cross-site Scripting in OctoPrint

Cross-site Scripting XSS - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for javascript injection which may lead to account takeover in a phishing scenario...

GHSA-FJ26-Q4VH-85F6 MoinMoin Cross-site Scripting (XSS) vulnerability

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...

MoinMoin Cross-site Scripting (XSS) vulnerability

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...

GHSA-3X76-J3JJ-439J MoinMoin Cross-site Scripting (XSS) vulnerability

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...

MoinMoin Cross-site Scripting (XSS) vulnerability

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...

CVE-2021-27442

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code...

Fake reCAPTCHA forms dupe users via compromised WordPress sites

Researchers at Sucuri investigated a number of WordPress websites complaining about unwanted redirects and found websites that use fake CAPTCHA forms to get the visitor to accept web push notifications. These websites are a new wave of a campaign that leverages many compromised WordPress sites...

GHSA-7JG2-JGV3-FMR4 Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8, Firefox 60 and...

GHSA-R69C-5J7C-VM6Q Cross-site Scripting in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

Cross site scripting

A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...

CVE-2021-39024

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

Microweber vulnerable to cross-site scripting (XSS)

Microweber is a drag and drop website builder and a powerful next generation CMS. Microweber versions 1.2.15 and prior are vulnerable to cross-site scripting. This could lead to injection of arbitrary JaveScript code, defacement of a page, or stealing cookies. A patch is available on the master...

CVE-2022-25781

Cross-site Scripting XSS vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session...

Microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which allows an...

Secomea GateManager 跨站脚本漏洞

Secomea GateManager is a remote access server product from the Danish company Secomea. security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which can be exploited by attackers to inject javascript or html into a logged-in user session...

CVE-2021-43932

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page...

Code injection

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page...