5802 matches found
Adobe RoboHelp Cross-Site Scripting Vulnerability
Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of validation and filtering of user-supplied data and output...
CVE-2022-23713
A cross-site scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...
Cross site scripting
A cross-site scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...
Thinkst Canarytokens Cross-Site Scripting Vulnerability
Thinkst Canarytokens is a web activity tracking system. Thinkst Canarytokens suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript code...
Ember.js Cross-Site Scripting Vulnerability
Tilde Ember.js is an open source web application framework for JavaScript from Tilde, Inc. in the United States. A security vulnerability exists in Ember.js. An attacker can exploit this vulnerability to execute arbitrary JavaScript scripts...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-59953)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...
Mozilla Firefox Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...
CVE-2022-31065
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...
CVE-2022-31064 Cross site scripting in username that will trigger by sending chat
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker with XSS in the name starts a chat. In the victim's client the JavaScript will be executed...
WordPress plugin Nested Pages Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Nested Pages plugin versions prior to 3.1.21 have a cross-site scripting vulnerability that...
Design/Logic Flaw
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and JavaScript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2022-29168 Cross Site Scripting in Wire Messages
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and JavaScript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
Wire Cross-Site Scripting Vulnerability
Wire is a chat application from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has group functionality, can make voice calls and send photos, and offers its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...
Cross site scripting
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, filedownload.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...
Rails Cross-Site Scripting Vulnerability
Rails is an open source web application framework based on the Ruby language, developed by the Rails team. Rails suffers from a cross-site scripting vulnerability that stems from the program's lack of validation and filtering of user-supplied data and output. An attacker can exploit the vulnerability to...
Online Student Rate System Cross-Site Scripting Vulnerability
Online Student Rate System is an online grading system for students. Online Student Rate System v1.0 has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the page parameter of the index.php file. An...
MantisBT Cross-Site Scripting Vulnerability
MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.25.5, which originated from a...
Jfinal CMS Cross-Site Scripting Vulnerability
Jfinal CMS is a powerful information and consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS v5.1.0 has a cross-site scripting vulnerability; the...