5068 matches found

OSV
added 2021/04/23 4:15 p.m. | 27 views

CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector...

6.1 CVSS | 6.6 AI score | 0.00347 EPSS
Exploits: 0 | References: 3

NVD
added 2021/04/23 4:15 p.m. | 16 views

CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector...

6.1 CVSS | 0.00347 EPSS
Exploits: 0 | References: 3

Prion
added 2021/04/23 4:15 p.m. | 21 views

Design/Logic Flaw

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector...

4.3 CVSS | 6.3 AI score | 0.00347 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/04/23 4:5 p.m. | 143 views

CVE-2019-25028

CVE-2019-25028 describes a stored cross-site scripting (XSS) vulnerability in Vaadin's Grid component (com.vaadin:vaadin-server). Affected are Vaadin Server versions 7.4.0–7.7.19 and 8.0.0–8.8.4. An attacker could inject malicious JavaScript via an unspecified vector, with potential impact includ...

6.1 CVSS | 5.7 AI score | 0.00347 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2021/04/19 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2018:1334-2)

The remote host is missing an update for the...

9.8 CVSS | 9.3 AI score | 0.43031 EPSS
Exploits: 4 | References: 4

OSV
added 2021/04/14 2:15 p.m. | 1 views

CVE-2021-26812

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application...

6.1 CVSS | 6.4 AI score | 0.18986 EPSS
Exploits: 1 | References: 1

Prion
added 2021/04/14 2:15 p.m. | 12 views

Cross site scripting

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application...

4.3 CVSS | 6 AI score | 0.18986 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2021/04/14 12:0 a.m. | 2 views

Atlassian Jira Server & Data Center Cross-Site Scripting Vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a cross-site scripting vulnerability th...

6.1 CVSS | 5.4 AI score | 0.00656 EPSS
Exploits: 0 | References: 2

Veracode
added 2021/04/13 5:2 a.m. | 18 views

Cross-Site Scripting (XSS)

sickrage is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser due to a lack of input validation and output sanitization...

5.4 CVSS | 2.7 AI score | 0.00185 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2021/04/12 12:0 a.m. | 2 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

6.4 CVSS | 5.6 AI score | 0.00128 EPSS
Exploits: 0 | References: 4

CNNVD
added 2021/04/12 12:0 a.m. | 3 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

5.4 CVSS | 5.6 AI score | 0.00157 EPSS
Exploits: 0 | References: 4

CNNVD
added 2021/04/12 12:0 a.m. | 2 views

Echel0n SiCKRAGE Cross-Site Scripting Vulnerability

SickRage is an automated video library manager for TV programs. A stored cross-site scripting vulnerability exists in SiCKRAGE version 4.2.0 - 10.0.11.dev1. The vulnerability stems from the server processing user input without properly validating user input. An attacker can exploit the...

5.4 CVSS | 5.6 AI score | 0.00185 EPSS
Exploits: 1 | References: 3

CNVD
added 2021/04/09 12:0 a.m. | 6 views

Web-School ERP Cross-Site Scripting Vulnerability

Web-School ERP is a school management software for schools and educational organizations. A cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit this vulnerability to inject and execute JavaScript code, which...

6.1 CVSS | 6.1 AI score | 0.00253 EPSS
Exploits: 1 | References: 1

Prion
added 2021/04/08 5:15 p.m. | 8 views

Cross site scripting

The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who...

4.3 CVSS | 6 AI score | 0.00371 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/04/08 12:15 p.m. | 13 views

CVE-2021-30113

A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...

6.1 CVSS | 0.00253 EPSS
Exploits: 1 | References: 3

Prion
added 2021/04/08 12:15 p.m. | 9 views

Cross site scripting

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

3.5 CVSS | 5.2 AI score | 0.0024 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2021/04/08 12:15 p.m. | 11 views

Cross site scripting

A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...

4.3 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2021/04/08 11:15 a.m. | 2 views

CVE-2021-3012

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...

5.4 CVSS | 6.2 AI score | 0.00138 EPSS
Exploits: 1 | References: 1

CVE
added 2021/04/08 11:12 a.m. | 43 views

CVE-2021-30113

CVE-2021-30113 affects Web-School ERP v5.0. A blind XSS vulnerability exists in the Add Events fields (event name and description) where injected JavaScript can be stored and executed when visitors view the event, potentially exfiltrating victim information. The provided sources describe the vuln...

6.1 CVSS | 5.9 AI score | 0.00253 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2021/04/08 12:0 a.m. | 2 views

Web-School ERP Cross-Site Scripting Vulnerability

Web-School ERP is a school management software for schools and educational organizations. A stored cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit the vulnerability to inject and execute JavaScript code...

5.4 CVSS | 5.3 AI score | 0.0024 EPSS
Exploits: 1 | References: 4