5800 matches found
DEBIAN-CVE-2021-37833
A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...
CVE-2021-37833
A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...
UBUNTU-CVE-2021-37833
A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...
CVE-2021-29979
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...
Information disclosure
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...
CVE-2021-29979
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...
CVE-2021-29979
CVE-2021-29979 concerns Hubs Cloud. The vulnerability allows a user to download shared content (HTML and JS), which could enable javascript execution in the Hub Cloud instance’s primary hosting domain on mozillareality/reticulum/1.0.1/20210618012634. Exploitation details are not provided in the d...
Yzmcms 跨站脚本漏洞
YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed by Yuan Zhimeng alone.YzmCMS version 5.2 has a cross-site scripting vulnerability. An attacker can use the sitecode parameter in admin/index/init.html to inject and execute javascript code...
Cross-site Scripting (XSS)
curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser when used as a template library due to lack of user input sanitization...
Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...
CVE-2021-23411
Affected versions of this package are vulnerable to Cross-site Scripting XSS via the main functionality. It accepts input that can result in the output an anchor a tag containing undesirable Javascript code that can be executed upon user interaction...
CVE-2021-27517
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...
Code injection
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...
CVE-2021-27517
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...
CVE-2021-21799
Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a...
CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21803
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...