
205 matches found

Positive Technologies
added 2021/10/29 12:0 a.m. · 1 view

PT-2021-22548 · WordPress · Optinmonster

Name of the Vulnerable Software and Affected Versions: OptinMonster WordPress plugin versions up to, and including, 2.6.4
Description: The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation...

CVSS 8.2 · AI score 8 · EPSS 0.44317
Exploits 1 · References 11

CNVD
added 2021/10/09 12:0 a.m. · 5 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2021-88192)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

CVSS 5.4 · AI score 6.2 · EPSS 0.0015
Exploits 0 · References 1

Prion
added 2021/06/09 12:15 p.m. · 15 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled...

CVSS 4.3 · AI score 5.7 · EPSS 0.65532
Exploits 0 · References 6 · Affected Software 4

OpenVAS
added 2021/06/09 12:0 a.m. · 20 views

SUSE: Security Advisory (SUSE-SU-2020:14290-1)

The remote host is missing an update for the...

CVSS 8.8 · AI score 9.1 · EPSS 0.01279
Exploits 0 · References 5

CNVD
added 2021/06/02 12:0 a.m. · 4 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2021-38770)

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...

CVSS 5.4 · AI score 6 · EPSS 0.00336
Exploits 0 · References 1

CNVD
added 2021/05/31 12:0 a.m. · 6 views

1CDN Cross-Site Scripting Vulnerability

1CDN is an open source file sharing software. A cross-site scripting vulnerability exists in versions prior to 1CDN f88a2730fa50fc2c2aeab09011f6f142fd90ec25. An attacker can exploit this vulnerability to inject ///code and execute JavaScript code on the client side...

CVSS 8.1 · AI score 6.2 · EPSS 0.00311
Exploits 0 · References 1

OSV
added 2021/05/17 9:1 p.m. · 17 views

GHSA-VH59-V9R5-4MH4 Cross-site scripting in jspdf

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It's possible to inject JavaScript code via the html method...

CVSS 6.1 · AI score 6.1 · EPSS 0.00234
Exploits 1 · References 10

Positive Technologies
added 2021/05/14 12:0 a.m. · 4 views

PT-2021-3535 · WordPress · Kaswara Modern Vc Addons

Name of the Vulnerable Software and Affected Versions: Kaswara Modern VC Addons versions through 3.0.1
Description: The issue is related to unlimited file upload of dangerous types. Exploitation can allow a remote attacker to upload and execute arbitrary files. The vulnerability allows...

CVSS 9.8 · AI score 9.4 · EPSS 0.67997
Exploits 3 · References 9

NVD
added 2021/05/10 5:15 p.m. · 17 views

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 6.1 · EPSS 0.00172
Exploits 0 · References 2

CNVD
added 2021/04/28 12:0 a.m. · 5 views

Unisys Data Exchange Management Studio Cross-Site Scripting Vulnerability

Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...

CVSS 5.4 · AI score 6.1 · EPSS 0.00272
Exploits 0 · References 1

CNVD
added 2021/04/28 12:0 a.m. · 6 views

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2021-32635)

IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator version 3.0.CD. An attacker can exploit the vulnerability to embed arbitra...

CVSS 5.4 · AI score 5.8 · EPSS 0.00158
Exploits 0 · References 1

GitHub Security Blog
added 2021/04/20 4:31 p.m. · 54 views

Cross-site scripting in SiCKRAGE

In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...

CVSS 5.4 · AI score 2.9 · EPSS 0.00185
Exploits 1 · References 5 · Affected Software 1

CNVD
added 2021/04/20 12:0 a.m. · 6 views

IBM Edge Cross-Site Scripting Vulnerability

IBM Edge Application Manager is an application from IBM Corporation, USA. It provides powerful solutions to address the need to deliver enterprise computing power at the edge of the cloud, closer to where the data is created and at the edge of the enterprise where action needs to be taken. A...

CVSS 5.4 · AI score 6 · EPSS 0.00143
Exploits 0 · References 1

Vulnrichment
added 2021/04/12 1:48 p.m. · 3 views

CVE-2021-25925

In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...

AI score 6.3 · EPSS 0.00185
Exploits 1 · References 2

Cvelist
added 2021/04/08 11:16 a.m. · 7 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

AI score 5.5 · EPSS 0.0024
Exploits 1 · References 3

CNVD
added 2021/04/07 12:0 a.m. · 9 views

Seafile Cross-Site Scripting Vulnerability

Seafile is an open source, cross-platform file hosting software system. A cross-site scripting vulnerability exists in Seafile 7.0.5. The vulnerability can be exploited to inject and execute malicious JavaScript code via the "shared library feature"...

CVSS 5.4 · AI score 6.2 · EPSS 0.00482
Exploits 1 · References 1

CNVD
added 2021/03/31 12:0 a.m. · 6 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-31960)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI, which c...

CVSS 5.4 · AI score 6.1 · EPSS 0.00158
Exploits 0 · References 1

CVE
added 2021/03/12 9:40 p.m. · 65 views

CVE-2021-28161

CVE-2021-28161 concerns Eclipse Theia versions up to and including 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...

CVSS 6.1 · AI score 6.3 · EPSS 0.00201
Exploits 1 · References 1 · Affected Software 1

CNVD
added 2021/01/29 12:0 a.m. · 5 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-07546)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...

CVSS 5.4 · AI score 6.1 · EPSS 0.00158
Exploits 0 · References 1

NVD
added 2021/01/08 3:15 p.m. · 8 views

CVE-2020-4664

IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 · AI score 5.2 · EPSS 0.00236
Exploits 0 · References 2