
5068 matches found

CNNVD
added 2022/02/24 12:0 a.m. | 3 views

components-react cross-site scripting vulnerability

components-react is a set of React components that help create intuitive, responsive and accessible user experiences for web applications. A cross-site scripting vulnerability exists in versions prior to @awsui/components-react 3.0.367 that could allow javascript injection...

CVSS 8.8 | AI score 6.8 | EPSS 0.00391
Exploits 0 | References 4

OSV
added 2022/02/20 7:15 p.m. | 4 views

CVE-2022-22126

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 1

OSV
added 2022/02/20 7:15 p.m. | 4 views

CVE-2022-23053

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 1

CNNVD
added 2022/02/20 12:0 a.m. | 4 views

Nasa Openmct cross-site scripting vulnerability

Nasa Openmct is an open source open mission control technology from NASA, Inc. for visualizing data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct versions 1.3.0 through 1.7.7, which stems from the software's lack of effective filtering and escaping for...

CVSS 6.1 | AI score 5.9 | EPSS 0.00328
Exploits 0 | References 3

CNNVD
added 2022/02/11 12:0 a.m. | 2 views

Elastic Stack Kibana cross-site scripting vulnerability

Elastic Stack Kibana is an application from Elastic Stack USA. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through Elastic Stack. A security vulnerability exists in the Kibana index schema, which can be exploited by an authenticated attack...

CVSS 5.4 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 3

Veracode
added 2022/02/10 8:17 a.m. | 32 views

Cross Site Scripting (XSS)

github.com/go-gitea/gitea is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization in the repository settings in the setting.go file, which allows an attacker to inject and execute arbitrary JavaScript via the URL field in the external wiki/issue tracker...

CVSS 6.1 | AI score 3.2 | EPSS 0.00342
Exploits 0 | References 5 | Affected Software 1

ATTACKERKB
added 2022/02/09 11:15 p.m. | 5 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the "User-Agent" header when logging in. When an administrator user visits the "User Sessions" tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session...

CVSS 5.4 | AI score 5.9 | EPSS 0.00502
Exploits 1 | References 4

NVD
added 2022/02/09 11:15 p.m. | 14 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

CVSS 4.8 | EPSS 0.00515
Exploits 1 | References 3

ATTACKERKB
added 2022/02/09 11:15 p.m. | 4 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

CVSS 4.8 | AI score 5.8 | EPSS 0.00515
Exploits 1 | References 4

CVE
added 2022/02/09 10:3 p.m. | 107 views

CVE-2022-23049

Exponent CMS 2.6.0patch2 is affected by a vulnerability where an authenticated user can inject persistent JavaScript in the User-Agent header at login. When an administrator visits the User Sessions tab, the injected script is executed, enabling session compromise of the administrator. The availa...

CVSS 5.4 | AI score 5.4 | EPSS 0.00502
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2022/02/09 10:3 p.m. | 14 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

AI score 5.5 | EPSS 0.00515
Exploits 1 | References 3

CVE
added 2022/02/09 10:3 p.m. | 77 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 is affected: an authenticated admin can inject persistent JavaScript into the Site/Organization Name, Site Title, and Site Header when updating settings via /exponentcms/administration/configure_site. Several connected sources describe this as a cross-site scripting issue...

CVSS 4.8 | AI score 5.1 | EPSS 0.00515
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/02/09 4:15 a.m. | 38 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

CVSS 6.1 | AI score 6.6 | EPSS 0.88633
Exploits 2 | References 6

Vulnrichment
added 2022/02/09 3:19 a.m. | 15 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

AI score 6.2 | EPSS 0.88633
Exploits 2 | References 5

Positive Technologies
added 2022/02/09 12:0 a.m. | 4 views

PT-2022-4547

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.x through 8.8.15 patch 29. Description: An issue was discovered in the Calendar feature, allowing an attacker to place HTML containing executable JavaScript inside element attributes. This markup becomes...

CVSS 6.1 | AI score 7.1 | EPSS 0.88633
Exploits 2 | References 23

OSV
added 2022/02/07 11:15 a.m. | 3 views

CVE-2022-0473

OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...

CVSS 4.8 | AI score 5.8 | EPSS 0.00364
Exploits 0 | References 1

ATTACKERKB
added 2022/02/07 9:0 a.m. | 2 views

CVE-2022-0473

OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions...

CVSS 4.8 | AI score 5.6 | EPSS 0.00364
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2022/02/07 12:0 a.m. | 4 views

OTRS cross-site scripting vulnerability

OTRS is an open source defect tracking and management system software. OTRS suffers from a cross-site scripting vulnerability that originates in a dynamic field that can be configured by OTRS administrators, where malicious JavaScript code can be injected in the error message of a regular...

CVSS 4.8 | AI score 5.6 | EPSS 0.00364
Exploits 0 | References 3

OSV
added 2022/02/04 11:15 p.m. | 2 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

CVSS 6.1 | AI score 5.8 | EPSS 0.50353
Exploits 3 | References 2

Veracode
added 2022/01/28 3:57 a.m. | 22 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. The vulnerability exists in the getTreeAction function of ClassController.php because the icon field has not been escaped, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 | AI score 3.1 | EPSS 0.00027
Exploits 1 | References 4 | Affected Software 1