4739 matches found
Unisys Data Exchange Management Studio Cross-Site Scripting Vulnerability
Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...
Apache Druid 0.20.0 Remote Command Execution Exploit
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...
Apache Druid 0.20.0 Remote Command Execution
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...
Cross-site scripting in SiCKRAGE
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
IBM Edge Cross-Site Scripting Vulnerability
IBM Edge Application Manager is an application from IBM Corporation, USA. It provides powerful solutions to address the need to deliver enterprise computing power at the edge of the cloud, closer to where the data is created and at the edge of the enterprise where action needs to be taken. A...
CVE-2021-26812
Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...
CVE-2021-26812
Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...
IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-32643)
IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...
IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-32645)
IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...
CVE-2021-25925
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
Cisco Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A security vulnerability exists ...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-3012
A cross-site scripting XSS vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
Cross site scripting
A cross-site scripting XSS vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
CVE-2021-3012
A cross-site scripting XSS vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
CMSimple 5.2 - (External) Stored XSS Vulnerability
Exploit Title: CMSimple 5.2 - 'External' Stored XSS Exploit Author: Quadron Research Lab Version: CMSimple 5.2 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.cmsimple.org/en/ Description The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser "External:" input field...
Seafile Cross-Site Scripting Vulnerability
Seafile is an open source, cross-platform file hosting software system. A cross-site scripting vulnerability exists in Seafile 7.0.5. The vulnerability can be exploited to inject and execute malicious JavaScript code via the "shared library feature"...
Exploit for Cross-site Scripting in Seafile
CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2021-26139)
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A cross-site scripting vulnerability exists in IBM...