5800 matches found
CVE-2021-41432
FlatPress 1.2.1 contains a stored XSS vulnerability that allows arbitrary JavaScript execution via blog content. Affected component is the blog content handler; the root cause is improper sanitization of content leading to stored payloads. Impact could include credential theft via cookie access, ...
Jenkins Plugin Sauce OnDemand Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...
Foxit PhantomPDF < 10.1.8 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 10.1.8. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...
Unioncms Cross-Site Scripting Vulnerability
Unioncms is a content management system of China Union Capital Network Technology Unioncms Company. Unioncms v1.0.13 has a cross-site scripting vulnerability that an attacker can exploit to execute JavaScript code in the client...
IdeaLMS Cross-Site Scripting Vulnerability
IdeaLMS is an educational and learning management software from Idea. A cross-site scripting vulnerability exists in Idea IdeaLMS version 2022, which can be exploited by an attacker to execute JavaScript code on the client side...
WordPress plugin Ocean Extra Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Ocean Extra plugin prior to 1.9.5, which stem...
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition Cross-Site Scripting Vulnerability
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition is a modern multi-platform workload automation solution from ASG technologies, Inc. A cross-site scripting vulnerability exists in ASG technologies ASG-Zena Cross Platform Server Enterprise Edition version 4.2.1, which stems from...
CVE-2021-41420
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel...
WordPress plugin Promotion Slider Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Promotion Slider plugin 3.3.4 and earlier versions contain a cross-site scripting...
WordPress plugin Newsletter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-41502
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute...
WordPress theme Ask me Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress theme Ask me plugin version 6.8.2 previously contained a cross-site scripting...
LibreHealth EHR Cross-Site Scripting Vulnerability
LibreHealth EHR is a clinically-focused electronic health record (EHR) system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...
CVE-2022-31470
An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...
XXL-JOB Cross-Site Scripting Vulnerability
XXL-JOB is a Java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...
Barco Control Room Cross-Site Scripting Vulnerability
Barco Control Room is a visualization and collaboration solution from Barco Belgium, used to build control rooms. A cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the URL parameter of the...
School Dormitory Management System Cross-Site Scripting Vulnerability
School Dormitory Management System is a school dormitory management system. v1.0 of School Dormitory Management System has a cross-site scripting vulnerability that originates from admin/inc/navigation.php:125 page that lacks a filter for user The vulnerability is caused by a lack of checksum...
Barco Control Room Cross-Site Scripting Vulnerability
Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, the Barco Control Room Management Suite web application version 3.14 previously contained a cross-site scripting vulnerability that could be exploited by attackers to execute JavaScri...
WordPress plugin Enable SVG Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Enable SVG plugin version 1.4.0 or earlier has a cross-site scripting vulnerability that...