CVE-2022-30624
Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password...
IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)
IBM Engineering Lifecycle Optimization (ELO) is an extension of IBM's Engineering Lifecycle Management (ELM) portfolio. It makes it easier to collect and analyze data across the development environment to make better decisions, and automates reporting to ensure that the entire organization...
PT-2022-20575 · Jquery +5 · Jquery Ui +5
Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.13.2; Moodle versions prior to 3.11.17-alt1. Description: jQuery UI, a collection of user interface interactions, effects, widgets, and themes built on jQuery, is susceptible to a cross-site scripting (XSS) issue...
IBM i Cross-Site Scripting Vulnerability (CNVD-2022-83587)
IBM i is an operating system from IBM that runs on IBM Power Systems and IBM PureSystems. IBM i versions 7.2, 7.3, 7.4, and 7.5 contain a cross-site scripting vulnerability caused by insufficient validation and filtering of user-supplied data before it is written to output. An attacker could exploi...
Synology Calendar Cross-Site Scripting Vulnerability (CNVD-2022-67855)
Synology Calendar is a calendar application from Synology Inc. of Taiwan that runs on Synology NAS network storage devices. A cross-site scripting vulnerability exists in Synology Calendar versions prior to 2.4.5-10930. The vulnerability stems from the program's lack of data...
Best Practical Request Tracker Cross-Site Scripting Vulnerability
Best Practical Request Tracker (RT) is a ticket tracking system written in Perl. A cross-site scripting vulnerability exists in Request Tracker. An attacker could use it to trigger cross-site scripting in Request Tracker via the attachment content type, which could be us...
GitLab 14.4 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2230)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an...
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-56704)
Zabbix Frontend is the web front end of the Zabbix monitoring software. A cross-site scripting vulnerability exists in Zabbix Frontend that an authenticated attacker can exploit by creating a link to the discovery page containing reflected JavaScript code and sending it to other...
Magnolia CMS Cross-Site Scripting Vulnerability
Magnolia CMS is a framework for building websites from the Swiss company Magnolia. Version 6.2.19 of Magnolia CMS contains a cross-site scripting vulnerability caused by insufficient validation and filtering of user-supplied data before output. An attacke...
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-58412)
Zabbix Frontend is the web front end of the Zabbix monitoring software. A cross-site scripting vulnerability exists in Zabbix Frontend because the graphs page does not validate and filter user-supplied data before output. An authenticated attacker can exploit this...
EQS Integrity Line Cross-Site Scripting Vulnerability
EQS Integrity Line is secure, anonymous whistleblowing (reporting) software from EQS of Germany. EQS Integrity Line suffers from a cross-site scripting vulnerability that an attacker can exploit to execute JavaScript code on the client side...
PESCMS cross-site scripting vulnerability
A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php failing to validate and filter user-supplied data before output. An attacker could exploit the vulnerability to execute JavaScript code on t...
VICIdial Cross-Site Scripting Vulnerability
VICIdial is a contact center software suite from Vicidial, Inc., designed to work with the open-source Asterisk PBX phone system as a complete inbound/outbound contact center with inbound email support. A cross-site scripting vulnerability exists in VICIdial versions prior to 2.14b0.5, which stems from...
CVE-2022-35230
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
CVE-2022-35229
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
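The two Zabbix entries above describe the same pattern: a parameter is reflected into the page unencoded, but the request is only processed when the URL also carries the victim's current anti-CSRF token, so the attacker needs that token for the payload to fire. The following is an added example modelling that pattern; it is not Zabbix code, and the page path, the parameter names `sid` and `filter`, the session shape and the function names are assumptions made for the illustration.

```javascript
// Added example (not Zabbix code): reflected XSS gated by an anti-CSRF token.
// The page path, parameter names (sid, filter), session shape and function
// names are assumptions for the illustration.

// Constant-time string comparison so the token check itself does not leak
// information through timing.
function tokensMatch(expected, supplied) {
  const a = String(expected), b = String(supplied || '');
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Entity-encode the five characters that matter in an HTML text context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Extract the query parameters from a link the attacker sends to the victim.
function parseLink(link) {
  const u = new URL(link);
  return { sid: u.searchParams.get('sid'), filter: u.searchParams.get('filter') || '' };
}

// Simulated page handler. `session` is the victim's server-side session,
// `query` the parameters from the clicked link. With encode=false the filter
// value is written straight into the markup (the vulnerable behaviour);
// with encode=true it is entity-encoded first (the fix).
function renderDiscoveryPage(session, query, encode) {
  if (!tokensMatch(session.csrfToken, query.sid)) {
    // Wrong or missing token: the request is rejected before the reflected
    // value ever reaches the page, which is why the advisory says the payload
    // only fires with a known token value.
    return { status: 403, body: 'Invalid CSRF token' };
  }
  const shown = encode ? escapeHtml(query.filter) : query.filter;
  return { status: 200, body: `<h1>Discovery</h1><p>Filter: ${shown}</p>` };
}

// True if the rendered body contains a live <script> element.
function containsScriptTag(body) {
  return /<script[\s>]/i.test(body);
}

// Constructed sample: a victim session and a crafted link carrying the payload.
const victimSession = { csrfToken: 'a3f9c2e17b4d' };
const craftedLink =
  'https://zabbix.example/zabbix.php?action=discovery.view&sid=a3f9c2e17b4d' +
  '&filter=' + encodeURIComponent('<script>alert(document.cookie)</script>');

// Runs the crafted link through three scenarios and returns the responses.
function demo() {
  const q = parseLink(craftedLink);
  return {
    wrongToken: renderDiscoveryPage(victimSession, { ...q, sid: 'stale-token' }, false),
    vulnerable: renderDiscoveryPage(victimSession, q, false),
    hardened: renderDiscoveryPage(victimSession, q, true),
  };
}
```

Calling `demo()` shows the three outcomes side by side: a stale token is rejected with 403 and never reaches the template, the matching token with raw reflection yields a body containing a live `<script>` element, and the encoded variant carries only `&lt;script&gt;`. The token check reduces the attack window, as the advisories note, but it is not the fix; output encoding is.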
Cross-site scripting - Stored via upload ".xlr" file
Description: In the file upload function, the server allows uploading a .xlr file containing JavaScript code, leading to XSS. Proof of Concept: REQUEST POST /demo/plupload HTTP/1.1 Host: demo.microweber.org Cookie: laravelsession=r768Tqzv8h0fkjgvKdofhxgmjcorT6pwuqMKJkIb;...
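The Microweber ".xlr" upload above and the Request Tracker attachment content type entry earlier on this page are the same class of bug: attacker-supplied bytes are served back from the site's own origin with a content type, or without headers, that lets the browser interpret them as HTML. The following is an added example of how a download endpoint should decide the response headers for a stored attachment; it is not Microweber's or RT's code, and the allow-lists, sample files and function names are assumptions.

```javascript
// Added example, not Microweber's or Request Tracker's code: response headers
// for serving a user-uploaded attachment so the browser never executes
// attacker-controlled content in the site's origin. Allow-lists, sample files
// and function names are assumptions.

// Types we are willing to let the browser render inline. Anything else,
// including the unknown ".xlr" format, is forced to a download.
const INLINE_SAFE_TYPES = new Set(['image/png', 'image/jpeg', 'image/gif', 'text/plain']);

// Content type derived from the file extension recorded at upload time.
const TYPE_BY_EXTENSION = {
  png: 'image/png', jpg: 'image/jpeg', jpeg: 'image/jpeg', gif: 'image/gif', txt: 'text/plain',
};

// Cheap check for leading bytes a browser might treat as active content even
// under an innocuous type (it is not a full sniffing algorithm).
function looksLikeMarkup(leadingBytes) {
  const head = leadingBytes.toString('latin1', 0, 512).trimStart().toLowerCase();
  return /^<(!doctype|html|script|svg|body|iframe|img|meta|object|embed)/.test(head)
    || /<script/.test(head);
}

// Keep only the last path segment and characters that cannot break the header.
function sanitizeFilename(name) {
  const base = name.split(/[\\/]/).pop() || 'download';
  return base.replace(/[^\w.\-]/g, '_').slice(0, 100);
}

// filename: stored name; declaredType: the Content-Type the uploader sent;
// leadingBytes: Buffer with the first bytes of the stored file.
function attachmentHeaders(filename, declaredType, leadingBytes) {
  const ext = filename.toLowerCase().split('.').pop() || '';
  let type = TYPE_BY_EXTENSION[ext] || 'application/octet-stream';
  // Never trust the content type the uploader declared (the RT vector): keep
  // it only when it agrees with what the extension maps to, otherwise fall
  // back to a type the browser will not render.
  const declared = (declaredType || '').toLowerCase().split(';')[0].trim();
  if (declared && declared !== type) type = 'application/octet-stream';
  const inline = INLINE_SAFE_TYPES.has(type) && !looksLikeMarkup(leadingBytes);
  return {
    'Content-Type': type,
    'X-Content-Type-Options': 'nosniff',          // no MIME-sniffing the body into text/html
    'Content-Disposition': `${inline ? 'inline' : 'attachment'}; filename="${sanitizeFilename(filename)}"`,
    'Content-Security-Policy': "default-src 'none'; sandbox", // defence in depth if it is rendered anyway
  };
}

// Constructed sample uploads (not real files from the report).
const SAMPLES = {
  xlrWithScript:      { name: 'report.xlr', declared: 'application/octet-stream',
                        bytes: Buffer.from('<script>alert(1)</script>') },
  pngLogo:            { name: 'logo.png',   declared: 'image/png',
                        bytes: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]) },
  htmlDisguisedAsPng: { name: 'pic.png',    declared: 'text/html',
                        bytes: Buffer.from('<html><script>alert(1)</script>') },
  noteWithMarkup:     { name: 'notes.txt',  declared: 'text/plain',
                        bytes: Buffer.from('<script>alert(1)</script>') },
};

// Headers the endpoint would emit for one of the constructed samples.
function headersFor(key) {
  const s = SAMPLES[key];
  return attachmentHeaders(s.name, s.declared, s.bytes);
}
```

With these rules the ".xlr" upload is served as `application/octet-stream` with `Content-Disposition: attachment`, so the script inside it is never parsed; a genuine PNG is still rendered inline; a file whose declared type disagrees with its extension is downgraded to a download; and a text file that starts with markup is downloaded rather than displayed. `X-Content-Type-Options: nosniff` closes the remaining gap where a browser would otherwise guess text/html from the content.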
CVE-2022-2230
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...