4739 matches found
FreeBSD : couchdb -- user privilege escalation (a7dd4c2d-77e4-46de-81a2-c453c317f9de)
Cory Sabol reports : A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will...
WordPress Simple Social Media Share Buttons plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress Simple Social Media Share Buttons plugin prior...
myfactory.FMS 7.1-911 Cross Site Scripting Vulnerability
Cross-Site Scripting in myfactory.FMS During a penetration test, a reflected cross-site scripting vulnerability XSS was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser. Details...
Opensis Cross-Site Scripting Vulnerability (CNVD-2021-101538)
openSIS is a free and open source student information system/school management software. openSIS version 8.0 contains a cross-site scripting vulnerability. An attacker can exploit the vulnerability to inject and execute JavaScript code via the linkurl parameter in Ajaxurlencode.php...
CVE-2021-40542
Opensis-Classic Version 8.0 is affected by cross-site scripting XSS. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...
CVE-2021-40542
Opensis-Classic Version 8.0 is affected by cross-site scripting XSS. An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page basic XSS in management UI bsc1187818. -...
IBM Sterling File Gateway Cross-Site Scripting Vulnerability (CNVD-2021-78438)
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2021-88192)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...
Zammad Cross-Site Scripting Vulnerability (CNVD-2021-81956)
Zammad is a Web-based open source help desk/customer support system. An attacker could upload an attachment to a "work order" via an "article", which could be exploited to inject malicious JavaScript code...
Esri Portal for ArcGIS Cross-Site Scripting Vulnerability
Esri Portal for ArcGIS is a Web-oriented, enterprise-class software platform for providing geolocation services from Esri, Inc. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS 10.9 and prior versions, which stems from the application's lack of validation of user input and...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83615)
Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83612)
Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...
Cross site scripting
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2021-22261
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...
CVE-2021-22261
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...
CVE-2021-22261
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...
Cross site scripting
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...
CVE-2021-22261
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...
CVE-2021-22261
Removed by vendor...