4739 matches found
CVE-2021-46681
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module massive operation name field...
CVE-2021-46678
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the service name field...
Cross site scripting
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window...
Input validation
Insert HTML / JS code inside input. How to get to the vulnerable input: Workers worker nickname. Inject in this input the code...
Cross site scripting
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via service elements...
CVE-2021-46680
CVE-2021-46680 affects Pandora FMS versions prior to 756 (i.e., 756 and earlier). The vulnerability is a cross-site scripting (XSS) flaw in the module form name field, enabling an attacker to execute JavaScript in the context of the affected web interface. Reported across multiple sources (NVD en...
CVE-2021-46681
PT-2022-12901 (PT Security) provides concrete details for CVE-2021-46681: affected software Pandora FMS versions 756 and below with a Cross-Site Scripting vulnerability in the module massive operation name field that enables execution of JavaScript code. The report notes there is no information a...
PT-2022-12898 · Unknown · Pandora FMS
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions prior to 756. Description: An XSS issue exists that allows an attacker to execute JavaScript code via the service name field. Recommendations: For versions prior to 756, update to a version above 756 to resolve the issue...
IBM DataPower Gateway Cross-Site Scripting Vulnerability (CNVD-2022-56972)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
CVE-2022-31774
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality potentially...
PT-2022-21444 · IBM · IBM DataPower Gateway
Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 10.0.1.0 through 10.0.1.8; IBM DataPower Gateway versions 10.0.2.0 through 10.0.4.0; IBM DataPower Gateway version 10.5.0.0; IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.21. Description: This issue...
Transposh WordPress Translation 1.0.7 Cross Site Scripting
RCE Security Advisory (https://www.rcesecurity.com). 1. ADVISORY INFORMATION. Product: Transposh WordPress Translation; Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/; Type: Cross-Site Scripting (CWE-79); Date found: 2021-08-19; Date published:...
WordPress Testimonials Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Testimonials plugin is vulnerable to a cross-site scripting vulnerability that stems from t...
WordPress wpWax Team Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress wpWax Team 1.2.6 and prior versions, which stems from the program's lack of checksum...
MTN Group: Reflected xss on videostore.mtnonline.com
Summary: Hi, I found reflected XSS vuln on videostore.mtnonline.com. Steps To Reproduce: 1. Open browser 2. Go to...
IBM Sterling Partner Engagement Manager Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in IBM Sterling Partner Engagement Manager, an automation management tool from IBM. The vulnerability stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to...
CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability (CNVD-2022-87649)
IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. All versions of IBM Engineering Requirements Quality Assistant are vulnerable to a cross-site scripting vulnerability that stems from a...
CVE-2021-29788
CVE-2021-29788 affects IBM Engineering Requirements Quality Assistant On-Premises (all versions). A cross-site scripting vulnerability arises from inadequate data validation/output filtering, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials wit...