4739 matches found
CVE-2021-21803
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21803
Advantech R‑SeeNet’s device_graph_page.php has multiple reflected XSS vulnerabilities (CVE-2021-21803) via parameters such as is2sim, graph, and device_id. Exploitation can execute arbitrary JavaScript in the victim’s browser, even without authentication. Affected version noted in sources around ...
CVE-2021-21800
Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...
PT-2021-14786 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is related to the device graph page.php script in Advantech R-SeeNet web applications. It allows an attacker to execute arbitrary JavaScript code by crafting a special...
CVE-2021-3043
A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...
CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console
A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...
Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console
A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...
IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability (CNVD-2022-05115)
IBM Cloud Pak for Applications is an application from IBM of America, Inc. providing cloud-native development solutions that deliver rapid value. IBM Cloud Pak for Applications has a cross-site scripting vulnerability that stems from the application's IBM Cloud Pak being vulnerable to cross-site...
Cross site scripting
A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. A reflected cross-site scripting XSS vulnerability exists in the web interface of the affected...
IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting Vulnerability (CNVD-2021-57448)
IBM Tivoli Netcool/OMNIbus is a service level management SLM system that provides real-time, centralized monitoring of complex networks and IT domains. web GUI is the web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats ...
CVE-2021-29804
IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 20426...
Cross site scripting
IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 20426...
Cross site scripting
A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.
A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29106
A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
Cross site scripting
A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29106 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.
A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29106 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.
A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
Leaflet Map < 3.0.0 - Contributor+ Stored XSS
The plugin does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues PoC Most of the shortcode attributes are not escaped, so these are just one of them: leaflet-map...