CVE-2022-30557

Foxit PDF Reader and PDF Editor prior to version 11.2.2 are affected by CVE-2022-30557 due to a Type Confusion that leads to a crash from Unsigned32 mishandling during JavaScript execution. This vulnerability is documented across multiple sources (NVD, Red Hat, OpenVAS/Nessus plugins) and is asso...

Alt-N MDaemon 跨站脚本漏洞

Alt-N MDaemon is a mail service system from Alt-N USA that provides complete mail server functionality, protects users from spam, enables web login to send and receive mail, supports remote management, and when used in conjunction with the MDaemon AntiVirus plugin, it also protects the system...

Survey Sparrow Enterprise Survey Software 跨站脚本漏洞

Survey Sparrow Enterprise Survey Software is an enterprise survey software from Survey Sparrow, Inc. A cross-site scripting vulnerability exists in Survey Sparrow Enterprise Survey Software version 2022, which stems from a lack of data validation filtering in the Signup parameter is missing a dat...

Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)

Exploit Title: Cyclos 4.14.7 - DOM Based Cross-Site Scripting XSS Date: 18/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31674 Description: Cyclos 4 PRO...

Home Owners Collection Management 跨站脚本漏洞

Fairway Independent Mortgage Home Owners Collection Management is a home purchase loan system from Fairway Independent Mortgage. home owners collection management v1 version contains a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data a...

Survey Sparrow Enterprise Survey Software 跨站脚本漏洞

A cross-site scripting vulnerability exists in Survey Sparrow Enterprise Survey Software version 2022, which originates in the test parameter The vulnerability is caused by a lack of data validation filtering of user-supplied data and output. An attacker could use this vulnerability to execute...

Foxit PDF Reader < 11.2.2 Multiple Vulnerabilities

According to its version, the Foxit PDF Reader application previously named Foxit Reader installed on the remote Windows host is prior to 11.2.2. It is, therefore affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...

CVE-2022-27230

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a reflected cross-site scripting XSS vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to...

Cross site scripting

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility also referred to as the BIG-IP TMUI that allows an attacker t...

Cross site scripting

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a reflected cross-site scripting XSS vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to...

CVE-2022-27880

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

CVE-2022-27878

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

CVE-2022-27230

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a reflected cross-site scripting XSS vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to...

PHProjekt MyProjects 跨站脚本漏洞

PHProjekt MyProjects is a modular web application for project management written in PHP / MySql by PHProjekt. PHProjekt MyProjects version 1.3.0 contains a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

Bludit 跨站脚本漏洞

Bludit CMS is an open source lightweight blog content management system CMS. v3.13.1 of Bludit CMS contains a cross-site scripting vulnerability that originates from the lack of filtering and validation of user input data on the /admin/new-content page. An attacker could use this vulnerability to...

Gogs 跨站脚本漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.7, which stems from the la...

CVE-2022-1584 Reflected XSS in microweber/microweber

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim...

Cross-Site Scripting (XSS)

@yaireo/tagify is vulnerable to cross-site scripting. The vulnerability exists in Tagify function in tagify.js because the placeholder input field is not escaped which allows a attacker to inject and execute arbitrary javascript...

F5 BIG-IP 多款产品跨站脚本漏洞

F5 BIG-IP and F5 BIG-IP Guided Configuration GC are both products of F5, Inc. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP Guided Configuration is a configuration template. cross-site...

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by attackers to execute JavaScript in the context of the...