spotweb Cross-Site Scripting Vulnerability (CNVD-2022-08194)
Spotweb is a PHP-based Spotnet client from the Spotweb team that follows the Spotnet protocol. JavaScript code...
TYPO3 femanager 6.3.0 Cross Site Scripting Vulnerability
title: Stored Cross-Site Scripting vulnerability; product: TYPO3 extension "femanager"; vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below; fixed version: 6.3.1 and 5.5.1; CVE number: CVE-2021-36787; impact: Medium; homepage:...
CVE-2021-45224
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious UR...
PT-2022-12309 · Unknown · Coins Construction Cloud
Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: An issue was discovered in the application where JavaScript code is passed as a URL parameter in several locations. This allows attackers to alter the code and cause malicious behavior, maki...
microweber cross-site scripting vulnerability
Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in microweber, which stems from a lack of data...
WordPress WP HTML Mail plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...
mysiteforme cross-site scripting vulnerability
Mysiteforme is a permission management system. Mysiteforme suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...
zulip cross-site scripting vulnerability
Zulip is a powerful open source group chat application from the Zulip team. It is used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of...
Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability
Mitsubishi Electric MC Works64 is a SCADA data acquisition and monitoring system from Mitsubishi Electric of Japan. Mitsubishi Electric MC Works64 suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output. An attacker could exploi...
phpIPAM Cross-Site Scripting Vulnerability (CNVD-2022-08175)
phpIPAM is an open source PHP and MySQL-based IP address management (IPAM) application. phpIPAM v1.4.4 is vulnerable to a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the Site title parameter when updating site settings. ...
pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07500)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. Pimcore has cross-site scripting...
Saraban Cross-Site Scripting Vulnerability
Saraban is a document management system from Softvibe Thailand. It is used for transferring files and notifications to reduce unnecessary duplication. Saraban has a cross-site scripting vulnerability in version 1.1, which stems from the lack of data validation filtering of user-supplied data and...
F5 NGINX Controller API Code Injection Vulnerability
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. "user" or "admin" role access and authenticated attackers can use an...
pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07504)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore has a cross-site scripting...
WordPress WP Booking System plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress WP Booking System plugin has a cross-site scripting vulnerability in versions prior to 2.0.15...
chaskiq cross-site scripting vulnerability
Chaskiq is an open source messaging platform used for marketing, support and sales. Chaskiq suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output. An attacker can exploit the vulnerability to execute JavaScript code o...
Halo cross-site scripting vulnerability (CNVD-2022-08379)
Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability: versions v1.0.0 through v1.4.17 (latest) are susceptible to stored cross-site scripting (XSS) in the title of a post, which can be exploited by an attacker to...
Jenkins Badge Plugin Cross-Site Scripting Vulnerability
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...
Jenkins Matrix Project Plugin Cross-Site Scripting Vulnerability
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin in version 1.19 and earlier, which stems...
WordPress Contact Form Entries Plugin Security Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Contact Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.2.4, which stems from...