CNVD (added 2021/10/31)

Mara CMS Cross-Site Scripting Vulnerability (CNVD-2021-84589)

Mara CMS is a file-based content management system. A cross-site scripting vulnerability exists in Mara CMS version 7.5, which stems from a lack of validation and filtering of user-supplied input and of output in the menuedit.php component. An attacker can exploit this vulnerability to execute JavaScript...

CVSS 5.4 | AI score 6.3 | EPSS 0.00206
Exploits: 1 | References: 1

Tenable Nessus (added 2021/10/10)

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client...

CVSS 7.5 | AI score 6.4 | EPSS 0.01026
Exploits: 2 | References: 11

Tenable Nessus (added 2021/09/30)

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory. - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client...

CVSS 7.5 | AI score 6.4 | EPSS 0.01026
Exploits: 2 | References: 11

Apple (added 2021/09/15)

About the security content of iTunes U 3.8.3

This document describes the security content of iTunes U 3.8.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 6.1 | AI score 6.6 | EPSS 0.0222
Exploits: 1 | References: 1 | Affected Software: 1

Huntr (added 2021/08/29 2:39 p.m.)

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description: Stored XSS bug allows execution of arbitrary JavaScript code in the victim's account. 🕵️‍♂️ Proof of Concept: 1. First create a document and put the below XSS payload inside the document content .\ xss"''\ 2. Now, when any user views this document project, the XSS is executed. VIDEO POC --...

AI score 0.9
Exploits: 0

NVD (added 2021/08/24 7:15 p.m.)

CVE-2021-30862

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 6.1 | EPSS 0.0222
Exploits: 1 | References: 1

Prion (added 2021/08/24 7:15 p.m.)

Input validation

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 4.3 | AI score 6 | EPSS 0.0222
Exploits: 1 | References: 1 | Affected Software: 1

CVE (added 2021/08/24 6:49 p.m.)

CVE-2021-30862

CVE-2021-30862 affects Apple iTunes U prior to version 3.8.3. It is due to a validation/input sanitization issue that can allow processing of a malicious URL to trigger arbitrary JavaScript code execution. Apple patched this in iTunes U 3.8.3 (HT212809). The vulnerability impacts the iTunes U com...

CVSS 6.1 | AI score 6 | EPSS 0.0222
Exploits: 1 | References: 1 | Affected Software: 1

NVD (added 2021/07/16 11:15 a.m.)

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a craft...

CVSS 9.6 | EPSS 0.64875
Exploits: 1 | References: 1

CVE (added 2021/07/16 10:37 a.m.)

CVE-2021-21803

Advantech R-SeeNet's device_graph_page.php has multiple reflected XSS vulnerabilities (CVE-2021-21803) via parameters such as is2sim, graph, and device_id. Exploitation can execute arbitrary JavaScript in the victim's browser, even without authentication. Affected version noted in sources around ...

CVSS 9.6 | AI score 6.4 | EPSS 0.70885
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist (added 2021/07/16 10:37 a.m.)

CVE-2021-21803

This vulnerability is present in the device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVSS 9.6 | AI score 6.6 | EPSS 0.70885
Exploits: 1 | References: 1

Cvelist (added 2021/07/16 10:33 a.m.)

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a craft...

CVSS 9.6 | AI score 6.7 | EPSS 0.64875
Exploits: 1 | References: 1

Positive Technologies (added 2021/07/16)

PT-2021-14786 · Advantech · Advantech R-SeeNet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet, affected versions not specified. Description: The issue is related to the device_graph_page.php script in Advantech R-SeeNet web applications. It allows an attacker to execute arbitrary JavaScript code by crafting a special...

CVSS 9.6 | AI score 7.8 | EPSS 0.70885
Exploits: 1 | References: 2

Huntr (added 2021/06/18 12:42 a.m.)

Cross-site Scripting (XSS) - Stored in falconchristmas/fpp

✍️ Description: fpp is vulnerable to XSS through the file name. 🕵️‍♂️ Proof of Concept: 1. Access /upload. 2. Change the name of an image to .png. 3. Upload it. 💥 Impact: JavaScript code execution...

AI score 1.5
Exploits: 0

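The "XSS through file name" pattern in the fpp report above, and the missing output filtering in the Mara CMS entry earlier on this page, share one sink: a user-controlled string concatenated straight into HTML. The following is an added example written for this page; it is not code from fpp, Mara CMS or any other product listed here. The upload list, the HTML template and the function names (renderFileListUnsafe, renderFileListSafe, escapeHtml, openedTagNames) are constructed for illustration.

```javascript
// Added example, not code from fpp, Mara CMS or any product on this page.
// Shows a stored-XSS sink where a user-controlled file name is concatenated
// into HTML, beside a context-aware output-encoding fix.

// Constructed sample: one benign upload and one whose *name* carries markup.
const UPLOADS = [
  { name: 'tree.png', size: 10240 },
  { name: '"><img src=x onerror=alert(document.domain)>.png', size: 512 },
];

// Vulnerable: the name is trusted and interpolated into an attribute and into
// text content. The second name closes the href quote and injects an <img>
// element whose onerror handler runs for every viewer of the page.
function renderFileListUnsafe(uploads) {
  return uploads
    .map(u => `<li><a href="/uploads/${u.name}">${u.name}</a> (${u.size} bytes)</li>`)
    .join('\n');
}

// Output encoding for HTML text content and double-quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Fixed: encode per context. The path segment is percent-encoded so it cannot
// terminate the attribute; the visible name is HTML-encoded so it cannot open
// a tag; the size is coerced to a number so it cannot carry markup at all.
function renderFileListSafe(uploads) {
  return uploads
    .map(u => {
      const href = '/uploads/' + encodeURIComponent(u.name);
      return `<li><a href="${href}">${escapeHtml(u.name)}</a> (${Number(u.size)} bytes)</li>`;
    })
    .join('\n');
}

// Regression check: which element names does the rendered fragment actually
// open? A correct template opens only the elements it wrote itself, so any
// extra name here means input reached the HTML context unencoded.
function openedTagNames(html) {
  const names = [];
  for (const m of html.matchAll(/<([a-z][a-z0-9]*)/gi)) {
    const n = m[1].toLowerCase();
    if (!names.includes(n)) names.push(n);
  }
  return names;
}

// Stand-alone run: the unsafe template opens an attacker-supplied <img>,
// the safe one opens only <li> and <a>.
console.log('unsafe opens:', openedTagNames(renderFileListUnsafe(UPLOADS)));
console.log('safe opens:  ', openedTagNames(renderFileListSafe(UPLOADS)));
```

The check in openedTagNames is deliberately crude (it is a test helper, not a sanitizer): the point is that encoding at the sink, chosen for the context the value lands in, removes the bug regardless of which field (file name, URL parameter, document body) carried the payload.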
0day.today (added 2021/04/27)

Apache Druid 0.20.0 Remote Command Execution Exploit

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...

CVSS 8.8 | AI score 9 | EPSS 0.93939
Exploits: 7

Metasploit (added 2021/04/26 5:42 p.m.)

Apache Druid 0.20.0 Remote Command Execution

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...

CVSS 9 | AI score 9 | EPSS 0.93939
Exploits: 7

CVE (added 2021/04/02 5:49 p.m.)

CVE-2021-1748

CVE-2021-1748: A validation issue in processing a URL was fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. The vulnerability could allow arbitrary javascript execution when handling a malicious URL. Connected Apple advisories (HT212149/HT212148/HT212146) confirm the affected platforms a...

CVSS 8.8 | AI score 7.6 | EPSS 0.00454
Exploits: 0 | References: 3 | Affected Software: 4

Cvelist (added 2021/04/02 5:49 p.m.)

CVE-2021-1748

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

AI score 8.6 | EPSS 0.00454
Exploits: 0 | References: 3

CNVD (added 2021/03/26)

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-23380)

Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the status parameter in...

CVSS 6.1 | AI score 6.1 | EPSS 0.009
Exploits: 1 | References: 1

CNVD (added 2021/02/18)

RACOM M!DGE Cross-Site Scripting Vulnerability

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabilit...

CVSS 4.8 | AI score 6.5 | EPSS 0.00212
Exploits: 0 | References: 1