4739 matches found
Project Worlds Online Examination System Cross-Site Scripting Vulnerability
Project Worlds Online Examination System is an online examination system. version 1.0 of ProjectWorlds College Management System is vulnerable to a cross-site scripting vulnerability that could be exploited to inject malicious JavaScript code to execute and steal user credentials...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2021-36549)
IBM Maximo Asset Management is a comprehensive solution for asset-intensive industries to manage corporate physical assets through a common platform. A cross-site scripting vulnerability exists in IBM Maximo Asset Management versions 7.6.0, 7.6.1. The vulnerability can be exploited by a user to...
GHSA-VH59-V9R5-4MH4 Cross-site scripting in jspdf
Affected versions of this package are vulnerable to Cross-site Scripting XSS. It's possible to inject JavaScript code via the html method...
PT-2021-3535 · WordPress · Kaswara Modern Vc Addons
Name of the Vulnerable Software and Affected Versions: Kaswara Modern VC Addons versions through 3.0.1 Description: The issue is related to unlimited file upload of dangerous types. Exploitation can allow a remote attacker to upload and execute arbitrary files. The vulnerability allows...
Design/Logic Flaw
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
CVE-2021-20577
IBM Cloud Pak for Security CP4S 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Command Injection in @theia/messages
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
IBM Control Desk Cross-Site Scripting Vulnerability
IBM Control Desk is an application from IBM USA. Automated service management and seamlessly integrated, best-practice based service desk functionality. IBM Smart Cloud Control Desk suffers from a cross-site scripting vulnerability that originates from allowing a user to embed arbitrary JavaScrip...
IBM Cloud Pak for Security Cross-Site Scripting Vulnerability (CNVD-2021-34348)
IBM Cloud Pak for Security is an application from IBM America, Inc. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A cross-site scripting vulnerability exists in IBM Cloud Pak for Security versions...
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2021-36080)
QRadar SIEM is an IBM enterprise security information and event management product that consolidates log event and network flow data from thousands of devices, endpoints and applications scattered across the network. A cross-site scripting vulnerability exists in IBM QRadar SIEM versions 7.3 and...
IBM FlashSystem 900 Cross-Site Scripting Vulnerability
IBM FlashSystem 900 is a software application from IBM, USA. Provides a subtle delay. A cross-site scripting vulnerability exists in IBM FlashSystem 900 versions 1.5.2.9 and 1.6.1.3 that allows an attacker to alter the intended functionality by embedding arbitrary JavaScript code in the Web UI,...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2021-40869)
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
Cross site scripting
A flaw was found in the Key Recovery Authority KRA Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting XSS vulnerability. An attacker could trick an authenticated victim into executing...
Cross site scripting
A stored cross-site scripting XSS vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'...
CVE-2021-29388
A stored cross-site scripting XSS vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2021-32635)
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator version 3.0.CD. An attacker can exploit the vulnerability to embed arbitra...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2021-32634)
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator version 3.0.CD. An attacker can exploit the vulnerability to embed arbitra...