5800 matches found
F5 BIG-IP APM Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP APM, which can be exploited by attackers to execute JavaScript in th...
CVE-2021-31674
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant...
WordPress plugin Fast Flow Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of WordPress Fast Flow plugin prior to 1.2.12, which...
Microweber Cross-Site Scripting Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber, which stems from the program's lack of checksum filtering of...
Updated firefox/nss/rootcerts packages fix security vulnerability
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash (CVE-2022-1097). After a VR Process is destroyed, a reference to it may have been retained and used, leading to a...
CVE-2022-29584
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action...
Jetbrains JetBrains IntelliJ IDEA Cross-Site Scripting Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains IntelliJ IDEA 2022.1, which stems from an error message in the internal web server that lacks a...
Hoosk CMS Cross-Site Scripting Vulnerability
Hoosk CMS is a lightweight content management system. A cross-site scripting vulnerability exists in Hoosk CMS version 1.8.0, which can be exploited by an attacker to execute JavaScript code in a user's browser via an edit page...
Cross-site scripting - Stored via upload xml file
Description: When a user uploads a file with an XML extension in the white-list, the server will store the XML file at assets/PortalNotesFiles/, so we can directly access it and execute JavaScript code. Proof of Concept: POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host:...
CVE-2022-24799
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
Design/Logic Flaw
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
CVE-2022-24799 Cross Site Scripting in Wire Webapp
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...
CVE-2022-24799
CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...
Zimbra Security Vulnerability
Zimbra Collaboration aka ZCS version 9.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...
WordPress plugin Ad Injection Code Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Ad Injection plugin9, which stems from the plugin's inability to properly clean up th...
WordPress plugins Easy Social Feed Free Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Social Feed Free plugin is vulnerable to a cross-site scripting vulnerability that stems from...
COINS Construction Cloud Cross-Site Scripting Vulnerability
COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud version 11.12, which stems...
Organizr Cross-Site Scripting Vulnerability
Organizr is a tab management system. Versions of Organizr prior to 2.1.1810 have a cross-site scripting vulnerability, which stems from a lack of validation and filtering of user-supplied data and output in the Username and Email fields. An attacker can use the vulnerability in the client to...
Organizr Cross-Site Scripting Vulnerability
Organizr is a tab management system. Designed to be a one-stop store for server front ends, Organizr version 2.1.1810 previously had a cross-site scripting vulnerability that stemmed from unpurged filenames, which could be exploited by attackers to execute JavaScript code on the client side...