5802 matches found
CVE-2021-46676
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field...
Cross site scripting
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field...
Cross site scripting
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...
CVE-2021-46679 Vulnerability XSS in service elements
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements...
GHSA-2FXF-QJ94-3F83 Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Version 2.11.3 contains a fix for th...
Artica Pandora FMS 跨站脚本漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS version 756 and earlier versions. An attacker can exploit this...
PT-2022-12897 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions prior to 756 Description: A XSS issue exists that allows an attacker to execute javascript code via the event filter name field. Recommendations: For versions prior to 756, update to a version above 756 to resolve the iss...
Artica Pandora FMS 跨站脚本漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...
Artica Pandora FMS 跨站脚本漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...
CVE-2022-28732
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later...
PT-2022-18262 · Apache · Apache Jspwiki
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions up to and including 2.11.2 Description: A carefully crafted request on the "XHRHtml2Markup.jsp" endpoint could trigger an issue, allowing an attacker to execute javascript in the victim's browser and potentially obtain...
Apache JSPWiki 跨站脚本漏洞
Apache JSPWiki is a U.S. Apache Apache Foundation , an open source WikiWiki engine built on Java, Servlet and JSP . A security vulnerability exists in Apache JSPWiki versions prior to 2.11.3, which stems from an XSS vulnerability that can be triggered by a crafted request on AJAXPreview.jsp. This...
Shopify: Stored XSS in Dovetale by application of creator
Summary: Dovetale is an influencer platform from Shopify to manage and scale influencer marketing. The influencers can become an ambassador of the brand and are able to apply for it. If a malicious creator applies with XSS payloads inside the first name, last name, etc., the data is stored and...
InMailX 跨站脚本漏洞
InMailX, InMailX's enterprise email management, compliance and productivity solution for Microsoft Outlook and Office 365, provides the features and tools users need to effectively manage their email and attachments. A security vulnerability exists in InMailX plugin Outlook versions prior to...
CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting
Swagger UI is a popular library used to beautify API specifications and render it to the users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting XSS vulnerability due to an outdated DomPurify embedded library and a feature available in the Swagger UI library itself whic...
CVE-2022-23201
Adobe RoboHelp versions 2020.0.7 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2021-46827
An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals in online documentation generated using Oxygen XML WebHelp allows attackers to execute JavaScript by convincing a user to type specific...
CVE-2021-46827
An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals in online documentation generated using Oxygen XML WebHelp allows attackers to execute JavaScript by convincing a user to type specific...
Syncro Soft Oxygen XML WebHelp 跨站脚本漏洞
Syncro Soft Oxygen XML WebHelp is used by Syncro Soft Romania to convert DITA and DocBook resources to WebHelp output. A security vulnerability exists in Syncro Soft Oxygen XML WebHelp versions prior to 22.1 build 2021082006, 23.x prior to 23.1 build 2021090310, which stems from an XSS...