4739 matches found
CVE-2020-20269
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22...
Cross site scripting
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS...
Cross site scripting
RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/modeemailmAction.php does not perform strict filtering...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code...
Code injection
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22...
Acronis: Stored XSS in profile page
Summary: There is a stored XSS vulnerability in the user's profile page. Steps: 1. Go to https://forum.acronis.com, create a user and log in 2. Go to profile and edit it 3. Enter JavaScript code in Signature field, for example use this code in Signature: test 4. Send this profile to other users, or se...
XSS vulnerability in company name field in Mautic
Impact: Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code. Patches: Update to 2.14.0 or later. Workarounds: None. For more information: If you have any questions or comments about...
GHSA-9HX7-RG7W-XM79 XSS vulnerability in company name field in Mautic
Impact: Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code. Patches: Update to 2.14.0 or later. Workarounds: None. For more information: If you have any questions or comments about...
WebView Vulnerability in X Browser
X Browser is a mobile browser for the Android platform. X Browser has a WebView vulnerability that can be exploited by an attacker to execute JS code across domains and take full control of a user's browser...
Cross-Site Scripting (XSS)
@scullyio/scully is vulnerable to cross-site scripting (XSS). The transfer-state is serialized using the JSON.stringify function and subsequently written into the HTML page without sanitization, allowing an attacker to inject arbitrary JavaScript code in a user's browser...
OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03046)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. The vulnerability can be exploited to conduct cross-site scripting attacks via a "reservation"...
CVE-2021-23935
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code...
CVE-2021-23934
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code...
CVE-2021-23934
OX App Suite up to version 7.10.4 is vulnerable to a Cross-Site Scripting (XSS) issue that can be triggered by a contact name containing JavaScript code. This is documented across multiple sources in the connected set (e.g., CVE entry and CNVD/Red Hat entries). The available documents describe th...
Cross site scripting
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186790...
CVE-2020-4664
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...