4739 matches found

Vulnrichment
added 2022/12/30 5:13 a.m. · 8 views

CVE-2022-38207 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 6.7 · EPSS 0.00494
Exploits 0 · References 1
Vulnrichment
added 2022/12/30 5:13 a.m. · 7 views

CVE-2022-38204 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 6.6 · EPSS 0.00498
Exploits 0 · References 1
Cvelist
added 2022/12/30 5:13 a.m. · 13 views

CVE-2022-38209 Reflected XSS vulnerability in Portal for ArcGIS

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 6.4 · EPSS 0.00494
Exploits 0 · References 1
Cvelist
added 2022/12/30 5:13 a.m. · 22 views

CVE-2022-38204 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 6.4 · EPSS 0.00498
Exploits 0 · References 1
Cvelist
added 2022/12/30 5:13 a.m. · 19 views

CVE-2022-38207 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · AI score 6.4 · EPSS 0.00494
Exploits 0 · References 1
NVD
added 2022/12/29 8:15 p.m. · 10 views

CVE-2022-38206

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

CVSS 6.1 · EPSS 0.00498
Exploits 0 · References 1
Prion
added 2022/12/29 8:15 p.m. · 12 views

Cross site scripting

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

CVSS 5.8 · AI score 6.3 · EPSS 0.00498
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/12/29 8:15 p.m. · 13 views

Cross site scripting

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS 5.8 · AI score 6.2 · EPSS 0.00498
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/29 12:00 a.m. · 5 views

PT-2022-24286 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.1 and below. Description: The issue is related to a reflected XSS vulnerability that may allow a remote, unauthenticated attacker to create a crafted link. When clicked, this link could execute arbitrary...

CVSS 6.1 · AI score 6.2 · EPSS 0.00494
Exploits 0 · References 3
Hacker One
added 2022/12/28 8:06 p.m. · 31 views

Equifax-vdp: reflected XSS in [www.equifax.com]

A reflected XSS vulnerability was found in the search functionality of Equifax's website. An attacker could execute malicious JavaScript code on a victim's browser by injecting a payload into the "q" parameter of the search query. This could potentially allow the attacker to steal the victim's...

AI score 6.3
Exploits 0
NVD
added 2022/12/25 5:15 a.m. · 14 views

CVE-2022-44012

An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...

CVSS 5.4 · EPSS 0.00509
Exploits 3 · References 1
Cvelist
added 2022/12/25 12:00 a.m. · 16 views

CVE-2022-44012

An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...

AI score 6 · EPSS 0.00509
Exploits 3 · References 1
CNVD
added 2022/12/23 12:00 a.m. · 20 views

IBM Security Verify Governance Identity Manager Cross-Site Scripting Vulnerability

IBM Security Verify Governance Identity Manager is an IBM network appliance-based integration that focuses on business-centric rules, activities, and processes. A cross-site scripting vulnerability exists in version 10.0.1 of IBM Security Verify Governance Identity Manager. An...

CVSS 6.1 · AI score 2.1 · EPSS 0.00301
Exploits 0 · References 1
Cvelist
added 2022/12/22 9:08 p.m. · 14 views

CVE-2022-22456 IBM Security Verify Governance, Identity Manager cross-site scripting

IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 4.2 · AI score 5.8 · EPSS 0.00301
Exploits 0 · References 2
Debian CVE
added 2022/12/22 12:00 a.m. · 48 views

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

CVSS 8.8 · AI score 8.8 · EPSS 0.26709
Exploits 0
Tenable Nessus
added 2022/12/21 12:00 a.m. · 39 views

Fedora 36 : ckeditor (2022-b61dfd219b)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory. CKEditor 4.20 New Features: #5084: Added the config.tabletools_scopedHeaders configuration option controlling the behaviour of table headers with and...

CVSS 8.2 · AI score 7 · EPSS 0.02448
Exploits 0 · References 5
Vulnrichment
added 2022/12/20 7:40 p.m. · 4 views

CVE-2022-46771 IBM UrbanCode Deploy (UCD) cross-site scripting

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 · AI score 4.5 · EPSS 0.00371
Exploits 0 · References 2
Vulnrichment
added 2022/12/19 10:00 a.m. · 11 views

CVE-2022-32763

A cross-site scripting (XSS) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.1 · AI score 6.4 · EPSS 0.01125
Exploits 1 · References 1
NVD
added 2022/12/15 10:15 a.m. · 6 views

CVE-2022-28703

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.1 · EPSS 0.0112
Exploits 1 · References 1
Github Security Blog
added 2022/12/14 12:30 a.m. · 17 views

csaf-poc/csaf_distribution Cross-site Scripting vulnerability

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The upload endpoint allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

CVSS 5.4 · AI score 5.5 · EPSS 0.00454
Exploits 0 · References 5 · Affected Software 1