Cross site scripting

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter...

Cross site scripting

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...

Cross site scripting

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in = 9.1.0.1...

Cross site scripting

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

CVE-2020-24664

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter...

CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-07546)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation IBM. IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...

RockOA Cross-Site Scripting Vulnerability

RockOA Xinhuo is an open source office OA system. RockOA V1.9.8 suffers from a drudgery script vulnerability, which stems from Because webmain/flow/input/modeemailmAction.php does not filter user input tightly, a remote attacker can send malicious code to the administrator and execute JavaScript...

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

Hitachi Vantara Pentaho 跨站脚本漏洞

Pentaho is a Business Intelligence BI software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load ETL capabilities. A DOM-type cross-site scripting vulnerability exists in Hitachi Vantara Pentaho in the Analysis Report...

IBM Cloud Pak for Security Cross-Site Scripting Vulnerability

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A cross-site scripting vulnerability exists in IBM Cloud Pak for Security 1.4.0.0. The vulnerability can be exploited by a user to embed...

Cross site scripting

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963...

CVE-2021-20357

CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...

CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457...

Cross site scripting

IBM Cloud Pak for Security CP4S 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

WordPress Plugin Easy Contact Form 'Name' Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. WordPress plugin Easy Contact Form 'Name' cross-site scripting vulnerability. An attacker c...

Revive Adserver 5.1.0 Cross Site Scripting

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2021-002 ------------------------------------------------------------------------ https://www.revive-adserver.com/security/revive-sa-2021-002...

Cross site scripting

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...

CVE-2020-23774

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...

CVE-2020-21147

RockOA V1.9.8 is affected by a cross-site scripting XSS vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/modeemailmAction.php does not perform strict filtering...