CVE-2021-42360
The CVE-2021-42360 issue affects the WordPress Starter Templates (Brainstorm Force) plugin
CVE-2021-41164
CKEditor4 contains an Advanced Content Filter (ACF) vulnerability (CVE-2021-41164) that allows injection of malformed HTML bypassing sanitization, enabling JavaScript execution. Affected: CKEditor4
Advanced Content Filter (ACF) vulnerability allowing execution of JavaScript code using malformed HTML
Affected packages: The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in the CKEditor 4 Advanced Content Filter (ACF) core module. The vulnerability allowed injecting malforme...
WordPress security vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Elementor plugin that stems from a lack of data validation...
PT-2021-6875 · Unknown +1 · Ckeditor 4 +1
Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.17.0. Description: The issue is related to the Advanced Content Filter (ACF) module in CKEditor 4, which fails to properly protect the structure of web pages. This allows a remote attacker to bypass existing access...
CKEditor cross-site scripting vulnerability
CKEditor is a set of open source, web-based text editors. A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content sanitization to inject malformed HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...
HTML comments vulnerability allowing execution of JavaScript code
Affected packages: The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in the CKEditor 4 HTML processing core module. The vulnerability allowed injecting malformed comments HTML...
Darwin Factor cross-site scripting vulnerability
Darwin Factor is a free and open source next-generation TypeScript framework from Darwin, Inc. It is used to create blogs, login pages and JamStack applications. Darwin Factor suffers from a cross-site scripting vulnerability that stems from vulnerability to cross-site scripting XSS attacks store...
PT-2021-5364 · Unknown +4 · Gnu Mailman +4
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36. Description: The issue is related to a crafted URL to the "Cgi/options.py" user options page, which can execute arbitrary JavaScript for XSS. This is due to inadequate protection of the web page structure....
CVE-2021-25974 Publify - Stored Cross-Site Scripting (XSS) in Editor
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...
XSS vulnerability allowing arbitrary JavaScript execution
Today we are releasing Grafana 8.2.3. This patch release includes an important security fix for an issue that affects all Grafana versions from 8.0.0-beta1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise customers we...
CVE-2021-29735
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress Unlimited PopUps plugin in version 4.5.3 and earlier suffers from a SQL injection vulnerability that...
Cross-site Scripting (XSS) - Generic in snipe/snipe-it
Description: XSS in the bulk audit function via the asset tag parameter. Proof of Concept: 1: Go to the http:///hardware/bulkaudit feature. 2: Use alertdocument.domain as the "Asset Tag" parameter. 3: Click "Audit"; the XSS should be triggered via the message "Asset Tag ASSETTAG not found". Impact: This vulnerabilit...
UBUNTU-CVE-2021-22260
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...
UBUNTU-CVE-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
Oracle Linux 7 : firefox (ELSA-2021-4116)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4116 advisory. 91.3.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...
PT-2021-22753 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.5 and above. Description: The issue arises from improper validation of ipynb files, allowing an attacker to execute arbitrary JavaScript code on the victim's behalf. This enables the attacker to perform actions as the...
CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
Design/Logic Flaw
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in the browser by opening a crafted URL...