
5068 matches found

OSV
added 2021/12/21 7:15 p.m., 1 view

CVE-2021-38966

IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357...

CVSS 5.4, AI score 6.9
Exploits 0, References 2

Veracode
added 2021/12/21 1:33 p.m., 20 views

Cross-site Scripting (XSS)

epiphany is vulnerable to cross-site scripting. An attacker is able to exploit the vulnerability by getting a user to visit an XSS payload page often enough to place that page on the most visited list to inject and execute arbitrary javascript...

CVSS 6.1, AI score 2, EPSS 0.00288
Exploits 1, References 5, Affected Software 2

CNNVD
added 2021/12/21 12:00 a.m., 3 views

Fresenius Kabi Agilia Connect Infusion System Cross-Site Scripting Vulnerability

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi. A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...

CVSS 6.1, AI score 5.2, EPSS 0.00171
Exploits 0, References 5

NVD
added 2021/12/20 3:15 a.m., 7 views

CVE-2021-44163

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

CVSS 6.1, EPSS 0.00192
Exploits 0, References 1

Prion
added 2021/12/20 3:15 a.m., 14 views

Cross site scripting

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

CVSS 4.3, AI score 6.1, EPSS 0.00192
Exploits 0, References 1

CNNVD
added 2021/12/20 12:00 a.m., 2 views

Chain Sea Ai Chatbot System Cross-Site Scripting Vulnerability

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, China. Chain Sea Ai Chatbot System is vulnerable to a cross-site scripting vulnerability, which is caused by the product not filtering special characters in URL parameters and can be exploited for JS...

CVSS 6.1, AI score 5.2, EPSS 0.00192
Exploits 0, References 1

CNNVD
added 2021/12/14 12:00 a.m., 2 views

UiPath Assistant Injection Vulnerability

UiPath Assistant is a specialized tool for UiPath designed to make it easy and fun for users to interact with bots from the desktop. UiPath Assistant 21.4.4 suffers from a security vulnerability that stems from user control data provided to the --process-start parameter of the uipath-assistant://...

CVSS 9.8, AI score 8.4, EPSS 0.00607
Exploits 0, References 2

CNVD
added 2021/12/13 12:00 a.m., 20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

CVSS 6.1, AI score 0.6, EPSS 0.00374
Exploits 0, References 1

Snyk
added 2021/12/08 3:18 p.m., 1 view

Malicious Package

Overview: discordjs-lofy is a malicious package. This package injects malicious JavaScript code into the Discord client. Remediation: Avoid using all malicious instances of the discordjs-lofy package...

CVSS 9.8, AI score 7.1
Exploits 0, References 2

Veracode
added 2021/12/02 2:16 p.m., 14 views

Cross-Site Scripting (XSS)

kevinpapst/kimai2 is vulnerable to cross-site scripting. The vulnerability exists in commentContent function of MarkdownExtension.php because the markdown doesn't use safe mode which allows an attacker to inject and execute arbitrary javascript...

CVSS 9, AI score 3.3, EPSS 0.00433
Exploits 1, References 4, Affected Software 1

Veracode
added 2021/12/02 2:48 a.m., 18 views

Cross-site Scripting (XSS)

kevinpapst/kimai2 is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the project, customer, and activity attributes in the setEntries function of KimaiRecentActivities.js as it does not properly escape the user inputs...

CVSS 6.1, AI score 2.8, EPSS 0.00206
Exploits 1, References 4, Affected Software 1

CNNVD
added 2021/12/02 12:00 a.m., 2 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability

IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability...

CVSS 6.1, AI score 5.9, EPSS 0.00239
Exploits 0, References 5

BDU FSTEC
added 2021/12/01 12:00 a.m., 2 views

The vulnerability of the BBCode parser in the vBulletin commercial web forum, related to the lack of protection for the website structure, allows a violator to execute arbitrary JavaScript.

The vulnerability of the BBCode parser in the vBulletin commercial web forum is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript by injecting code into messages using embedded BBCodes...

CVSS 9, AI score 5.9
Exploits 0, References 3

Veracode
added 2021/11/30 3:20 p.m., 17 views

Cross Site Scripting (XSS)

@backstage/plugin-auth-backend is vulnerable to Cross Site Scripting. The vulnerability exists in makeCreateEnv of index.ts because the code doesn't enable authorization which allows an attacker to inject and execute arbitrary javascript...

CVSS 7.4, AI score 3.3, EPSS 0.00311
Exploits 0, References 4, Affected Software 1

Cvelist
added 2021/11/30 11:28 a.m., 23 views

CVE-2021-42119 Stored XSS in Search Function in TopEase

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...

CVSS 7.3, AI score 7.1, EPSS 0.00416
Exploits 0, References 1

OSV
added 2021/11/23 8:15 p.m., 1 view

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVSS 5.4, AI score 5.9, EPSS 0.00112
Exploits 0, References 1

NVD
added 2021/11/23 8:15 p.m., 10 views

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVSS 5.4, EPSS 0.00112
Exploits 0, References 1

Cvelist
added 2021/11/23 8:00 p.m., 14 views

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVSS 5.4, AI score 5.9, EPSS 0.00112
Exploits 0, References 1

CVE
added 2021/11/23 8:00 p.m., 39 views

CVE-2021-36332

CVE-2021-36332 affects Dell EMC CloudLink 7.1 and earlier. The issue is a HTML/JavaScript injection (input validation) vulnerability that could be exploited remotely by a low-privilege attacker to redirect end users to arbitrary or malicious websites. Multiple connected sources corroborate the vu...

CVSS 5.4, AI score 5.6, EPSS 0.00112
Exploits 0, References 1, Affected Software 1

Veracode
added 2021/11/23 3:58 a.m., 18 views

Cross-site Scripting (XSS)

plupload is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the file.name field as it does not properly encode the user input file name...

CVSS 6.1, AI score 1.9, EPSS 0.0024
Exploits 1, References 3, Affected Software 1