4739 matches found
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
SUSE: Security Advisory (SUSE-SU-2020:14290-1)
The remote host is missing an update for the...
CVE-2021-32106
In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET['replace'] variable. As a result, arbitrary JavaScript code can get executed...
CVE-2021-32106
CVE-2021-32106 affects ICEcoder 8.0. The connected documents describe a reflected XSS in the multipe-results.php page caused by insufficient sanitization of the GET['replace'] parameter, allowing arbitrary JavaScript code execution. The vulnerability is documented across multiple feeds (NVD, Red ...
McAfee Database Security Cross-Site Scripting Vulnerability
McAfee Database Security Server is database security software from McAfee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...
CVE-2021-31830
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...
IBM Engineering Lifecycle Optimization - Engineering Insights Cross-Site Scripting Vulnerability
IBM Engineering Lifecycle Optimization - Engineering Insights is a collaborative Web-based application that unlocks engineering data from a variety of lifecycle management applications to give you the information you need to make the best engineering decisions. A cross-site scripting vulnerabilit...
IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-39248)
IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management versions 7.0.0 and 7.0.1. An...
IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2021-40858)
IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...
CVE-2021-29670
CVE-2021-29670 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products (including Engineering Insights, DOORS Next, RQM, ETM, EWM, ELN, etc.). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality an...
CVE-2021-29668
CVE-2021-29668 is a cross-site scripting (XSS) vulnerability affecting IBM Jazz Foundation and IBM Engineering products (ELM/DOORS Next/RQM/ETM/ENI/RMM/etc.). The Web UI fails to validate user-supplied data, allowing an attacker to inject JavaScript and potentially disclose credentials within a t...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2021-38770)
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...
IBM WebSphere eXtreme Scale Cross-Site Scripting Vulnerability (CNVD-2021-39671)
IBM WebSphere eXtreme Scale is a resilient, highly scalable in-memory data grid from IBM USA. It can provide predictable responsiveness to meet exponential demands on data. IBM WebSphere eXtreme Scale Liberty suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary...
1CDN Cross-Site Scripting Vulnerability
1CDN is an open source file sharing software. A cross-site scripting vulnerability exists in 1CDN versions prior to f88a2730fa50fc2c2aeab09011f6f142fd90ec25. An attacker can exploit this vulnerability to inject code and execute JavaScript code on the client side...
CVE-2021-3486
GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execute JavaScript code...
Code injection
GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execute JavaScript code...
CVE-2021-3486
CVE-2021-3486 relates to GLPI 9.5.4 where metadata is not sanitized, enabling stored XSS in plugins and execution of JavaScript in the user's browser. The root cause is lack of proper sanitization in the metadata handling. The description provides the affected software (GLPI 9.5.4) and the impact (...