4739 matches found
CVE-2021-34994
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...
CVE-2022-22123
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary JavaScript code that will execute on a victim’s server...
CVE-2022-22125
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary JavaScript code that will execute on a victim’s server...
CVE-2022-22125 Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Tag
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary JavaScript code that will execute on a victim’s server...
CVE-2022-22123 Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Title
In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary JavaScript code that will execute on a victim’s server...
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
Cross site scripting
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
CVE-2022-22116
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low privileged attacker can inject arbitrary JavaScript code which will be executed in a victim’s browser when they open the image...
CVE-2022-22116 Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low privileged attacker can inject arbitrary JavaScript code which will be executed in a victim’s browser when they open the image...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)
Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation. Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An...
AjaxNetProfessional deserializes arbitrary JavaScript objects
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary JavaScript objects. Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise...
Card skimmers strike Sotheby’s in Brightcove supply chain attack
Over 100 real estate websites have been compromised by the same web skimmer in a supply chain attack. So what happened? On Monday, January 3, Palo Alto said it had found a supply chain attack that used a cloud video platform to distribute skimmer campaigns. The attacker injected the skimmer’s...
Latte Cross-Site Scripting Vulnerability
Latte is a template engine for Nette Foundation's PHP. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...
WordPress CRM Form Entries Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress CRM Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.1.7, which ste...
ifme Cross-Site Scripting Vulnerability
Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. Ifme suffers from a cross-site scripting vulnerability in versions v7.22.0 through v7.31.4, which stems from a lack of checksum filtering of user-supplied data and...
SAFARI Montage Cross-Site Scripting Vulnerability
SAFARI Montage is a formative assessment tool from safarimontage that enables teachers to check students' understanding of topics or concepts during the course. A cross-site scripting vulnerability exists in SAFARI Montage versions 8.3 and 8.5, which can be exploited by an attacker to execute...
NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability
NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...
IBM OPENBMC Cross-Site Scripting Vulnerability
IBM OPENBMC is a POWER8 and POWER9 emulator from International Business Machines Corporation (IBM). IBM OPENBMC has a cross-site scripting vulnerability in version OP910 that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability...
WordPress Tickera plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Tickera plugin in versions prior to 3.4.8.3 suffers from a cross-site scripting vulnerability, which stems from a...