4739 matches found
Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67479)
Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability caused by a lack of data validation filtering of user-supplied and output data in the "m" parameter of the user dashboard. An attacker could exploit this vulnerability to...
Maxsite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33827)
MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project. Maxsite CMS has a cross-site scripting vulnerability, the vulnerability stems from the lack of parameters in the management file f the user-supplied data and output data validation filter, an attacker...
CVE-2021-46387
CVE-2021-46387 affects ZyXEL ZyWALL 2 Plus Internet Security Appliance. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insecure URI handling, enabling an attacker to execute arbitrary JavaScript in a user’s browser and potentially perform clipboard hijacking or session hijackin...
Cross-site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to invalid input validation in the detectXss function in the Security.php file, which allows remote attackers to inject and execute arbitrary JavaScript code in the victim's browser...
JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2022-20142)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions of JetBrains YouTrack prior to 2021.4.36872, which stems from the lack of data validation filtering of user-supplied data and...
JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2022-20143)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains YouTrack 2021.4.31698, which stems from a lack of data validation filtering of user-supplied data and output...
BloofoxCms Cross-Site Scripting Vulnerability (CNVD-2022-17027)
BloofoxCms is a PHP-based text content management system from the individual developer alexlang24. bloofoxCMS suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the file and type parameters in index.php. An attacker...
WordPress Survey Maker plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Survey Maker plugin 2.0.6 and previous versions have a cross-site scripting vulnerability, which can be exploited by attacke...
Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720)
Summary: Security vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center). IBM Spectrum Control has addressed the following CVEs. Vulnerability Details: CVEID: CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0...
WordPress PowerPack Lite for Beaver Builder plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress PowerPack Lite for Beaver Builder plugin...
Cross-site Scripting (XSS) - Stored in librenms/librenms
Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...
OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33604)
OIC Exponent CMS is a free, open source PHP-based modular content management system (CMS) from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. OIC Exponent CMS has a cross-site scripting vulnerability,...
XWiki Platform Cross-Site Scripting Vulnerability (CNVD-2022-13407)
XWiki Platform is a wiki platform for creating web collaboration applications from the French company XWiki. XWiki Platform is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in registerinline, which could be...
Cross-site Scripting (XSS) - Generic in librenms/librenms
Description: Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary JavaScript code which affected Alerts module Alert Transport in Transport name field. Proof of Concept Endpoint: 1 POST http://HOST/ajaxform.php - Parameter name Payload: ' XSS will...
CVE-2021-42940
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code...
Cross-site Scripting in aurelia-framework
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
GHSA-VP4X-94FF-2CMV Cross-site scripting in forkcms
Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2022-22589
A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code...
Emlog Cross-Site Scripting Vulnerability (CNVD-2022-11528)
Emlog is a PHP and MySQL-based CMS website builder from an individual Emlog developer. Emlog suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could use this vulnerability to execute JavaScript code ...