
5782 matches found

CVE · added 2021/02/01 3:05 p.m. · 62 views

CVE-2020-13562

CVE-2020-13562 – phpGACL 3.3.7 XSS vulnerabilities. Multiple cross-site scripting flaws exist in the template rendering paths of phpGACL 3.3.7, enabling arbitrary JavaScript execution via unescaped user input in template actions (e.g., action, group_id, acl_id). Documented vectors include admin/a...

CVSS 9.6 · AI score 6 · EPSS 0.70976 · Exploits 1 · References 1 · Affected Software 1
Cvelist · added 2021/02/01 3:05 p.m. · 12 views

CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...

CVSS 9.6 · AI score 6 · EPSS 0.70976 · Exploits 1 · References 1
CNVD · added 2021/02/01 12:00 a.m. · 8 views

Hitachi Vantara Pentaho DOM-Type Cross-Site Scripting Vulnerability

Pentaho is business intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and extract, transform, load (ETL) capabilities. A DOM-based cross-site scripting vulnerability exists in Hitachi Vantara Pentaho in the Analysis Report...

CVSS 5.4 · AI score 6.3 · EPSS 0.00203 · Exploits 0 · References 1
CNVD · added 2021/02/01 12:00 a.m. · 6 views

Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability

Pentaho is business intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and extract, transform, load (ETL) capabilities. A reflected cross-site scripting vulnerability exists in the 'type' attribute of the 'dashboardXml' paramete...

CVSS 5.4 · AI score 6.3 · EPSS 0.00203 · Exploits 0 · References 1
CNVD · added 2021/02/01 12:00 a.m. · 4 views

Apache Druid Access Control Error Vulnerability

Apache Druid is an open-source, column-oriented distributed database written in Java and maintained by the Apache Software Foundation. An access control error vulnerability exists in Apache Druid 0.20.0 and earlier versions that allows an authenticated user to force Druid to run...

CVSS 9 · AI score 6.6 · EPSS 0.93939 · Exploits 7 · References 1
NVD · added 2021/01/29 8:15 p.m. · 17 views

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

CVSS 9 · AI score 8.7 · EPSS 0.93939 · Exploits 7 · References 16
Prion · added 2021/01/29 8:15 p.m. · 23 views

Default configuration

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

CVSS 9 · AI score 8.5 · EPSS 0.93939 · Exploits 7 · References 16 · Affected Software 1
OSV · added 2021/01/29 7:15 p.m. · 1 view

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...

CVSS 5.4 · AI score 6.3 · EPSS 0.00203 · Exploits 0 · References 2
OSV · added 2021/01/29 7:15 p.m. · 1 view

CVE-2020-24666

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in 9.1.0.1...

CVSS 5.4 · AI score 6 · EPSS 0.00203 · Exploits 0 · References 2
CNNVD · added 2021/01/29 12:00 a.m. · 3 views

Apache Druid Access Control Error Vulnerability

Apache Druid is an open-source, column-oriented distributed database written in Java and maintained by the Apache Software Foundation. An access control error vulnerability exists in Apache Druid 0.20.0 and earlier versions that allows an authenticated user to force Druid to run...

CVSS 9 · AI score 7.5 · EPSS 0.93939 · Exploits 7 · References 19
Positive Technologies · added 2021/01/29 12:00 a.m. · 2 views

PT-2021-16724 · Apache · Apache Druid

Name of the vulnerable software and affected versions: Apache Druid versions 0.20.0 and earlier. Description: The issue allows an authenticated user to send a specially crafted request that forces Apache Druid to run user-provided JavaScript code for that request, regardless of server configuratio...

CVSS 9 · AI score 8.8 · EPSS 0.93939 · Exploits 7 · References 54
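The Druid entries above all make the same point: the JavaScript feature is off by default, yet on 0.20.0 and earlier an authenticated user can force it on for a single request regardless of server configuration. On those versions the server-side switch is therefore not a sufficient control, and the compensating check is on the request side: look at what clients actually send. The Python below is an added example, not code from Apache Druid or from any of the listed advisories. It walks a parsed request body and reports the locations of components typed "javascript" or carrying an inline JS function body, which is how Druid's query and ingestion specs express JavaScript filters, aggregators, extraction functions and post-aggregators. The query documents and the JSON request-log records are constructed for illustration, and the ts/user/path/body record layout is an assumption, not Druid's own log format.

```python
import json


def is_javascript_component(obj):
    """True for a Druid spec component that would run user-supplied JavaScript:
    an object typed "javascript", or one whose "function" is an inline JS body."""
    if not isinstance(obj, dict):
        return False
    if str(obj.get("type", "")).lower() == "javascript":
        return True
    fn = obj.get("function")
    return isinstance(fn, str) and fn.lstrip().lower().startswith("function")


def find_javascript_components(node, path="$"):
    """Recursively collect JSONPath-like locations of JavaScript components anywhere
    in a request body (filters, aggregations, extraction functions, nested specs)."""
    hits = []
    if isinstance(node, dict):
        if is_javascript_component(node):
            hits.append(path)
        for key, value in node.items():
            hits.extend(find_javascript_components(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_javascript_components(value, f"{path}[{index}]"))
    return hits


# Constructed query bodies in Druid's native query shape (not taken from any advisory).
BENIGN_QUERY = {
    "queryType": "timeseries", "dataSource": "wikipedia",
    "intervals": ["2021-01-01/2021-02-01"], "granularity": "day",
    "filter": {"type": "selector", "dimension": "channel", "value": "#en.wikipedia"},
    "aggregations": [{"type": "count", "name": "edits"}],
}
JS_FILTER_QUERY = {
    "queryType": "timeseries", "dataSource": "wikipedia",
    "intervals": ["2021-01-01/2021-02-01"], "granularity": "day",
    "filter": {"type": "javascript", "dimension": "channel",
               "function": "function(x) { return x == '#en.wikipedia'; }"},
    "aggregations": [{"type": "count", "name": "edits"}],
}
JS_AGG_QUERY = {
    "queryType": "timeseries", "dataSource": "wikipedia",
    "intervals": ["2021-01-01/2021-02-01"], "granularity": "day",
    "aggregations": [
        {"type": "count", "name": "edits"},
        {"type": "javascript", "name": "added_sum", "fieldNames": ["added"],
         "fnAggregate": "function(current, a) { return current + a; }",
         "fnCombine": "function(a, b) { return a + b; }",
         "fnReset": "function() { return 0; }"},
    ],
}

# Constructed request-log records (hypothetical layout: ts/user/path/body), one JSON per line.
SAMPLE_LOG = [
    json.dumps({"ts": "2021-01-29T10:00:00Z", "user": "dashboard",
                "path": "/druid/v2/", "body": BENIGN_QUERY}),
    json.dumps({"ts": "2021-01-29T10:00:05Z", "user": "analyst",
                "path": "/druid/v2/", "body": JS_FILTER_QUERY}),
    json.dumps({"ts": "2021-01-29T10:01:30Z", "user": "etl",
                "path": "/druid/v2/", "body": JS_AGG_QUERY}),
]


def triage(log_lines):
    """Return the records whose body carries JavaScript components, with their locations.
    On a server where JavaScript is meant to be disabled, every hit is worth a look."""
    flagged = []
    for line in log_lines:
        record = json.loads(line)
        where = find_javascript_components(record.get("body", {}))
        if where:
            flagged.append({"ts": record["ts"], "user": record["user"],
                            "path": record["path"], "components": where})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["ts"]} user={hit["user"]} path={hit["path"]} js_at={hit["components"]}')
```

The walk is deliberately shape-agnostic: it does not assume where JavaScript may legitimately appear, so it also catches a JavaScript component tucked into an ingestion spec or a nested sub-query. Treat it as a triage filter to run over captured request bodies, not as a replacement for upgrading past 0.20.0.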
CNVD · added 2021/01/29 12:00 a.m. · 10 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-07540)

Revive Adserver is an open-source ad server released under the GNU General Public License, with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in userlog-index.php in Revive Adserver...

CVSS 6.1 · AI score 6.2 · EPSS 0.00775 · Exploits 2 · References 1
CNNVD · added 2021/01/29 12:00 a.m. · 6 views

Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability

Pentaho is business intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and extract, transform, load (ETL) capabilities. A stored cross-site scripting vulnerability exists in the Display Name parameter of the Analysis Report in...

CVSS 5.4 · AI score 6.2 · EPSS 0.00203 · Exploits 0 · References 3
CNNVD · added 2021/01/29 12:00 a.m. · 2 views

Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability

Pentaho is business intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and extract, transform, load (ETL) capabilities. A reflected cross-site scripting vulnerability exists in the 'type' attribute of the 'dashboardXml' paramete...

CVSS 5.4 · AI score 6.2 · EPSS 0.00203 · Exploits 0 · References 3
CNNVD · added 2021/01/27 12:00 a.m. · 3 views

Sourceforge PhpGACL Cross-Site Scripting Vulnerability

phpGACL (hosted on SourceForge) is a pluggable PHP and MySQL based access-control library for PHP applications. A cross-site scripting vulnerability exists in phpGACL 3.3.7, triggered by a specially crafted HTTP request that can lead to arbitrary JavaScript execution...

CVSS 9.6 · AI score 6.9 · EPSS 0.70976 · Exploits 1 · References 2
CNNVD · added 2021/01/27 12:00 a.m. · 1 view

Revive Adserver Cross-Site Scripting Vulnerability

Revive Adserver is an open-source ad server released under the GNU General Public License, with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in userlog-index.php in Revive Adserver...

CVSS 6.1 · AI score 6.4 · EPSS 0.00775 · Exploits 2 · References 5
Talos · added 2021/01/27 12:00 a.m. · 47 views

phpGACL template multiple cross-site scripting vulnerabilities

Summary: Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested versions: phpGACL 3.3.7, OpenEMR 5.0.2...

CVSS 9.6 · AI score 6.7 · EPSS 0.70976 · Exploits 3
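The phpGACL entries above describe request parameters (action, group_id, acl_id) reflected unescaped into template output, and the Pentaho entries a reflection into the 'type' attribute of the dashboardXml parameter. Those are two different output contexts, and the fix differs: a text node is neutralised by entity-escaping, but an attribute reflection is only safe when the value is both escaped and quoted. The Python below is an added example, not code from phpGACL, Pentaho, Talos or any advisory. The two-parameter template, the parameter names and both payloads are constructed for illustration, and Python's HTMLParser stands in for the browser's tokenizer to show which tags and attributes each rendering would produce.

```python
import html
from html.parser import HTMLParser

# Constructed payloads: one for a text-node context, one for an attribute context.
# The attribute payload contains none of < > " ' &, so entity escaping cannot touch it.
ACTION_PAYLOAD = "<script>alert(1)</script>"
TYPE_PAYLOAD = "text onfocus=alert(1) autofocus"


class TagCollector(HTMLParser):
    """Records every start tag with its attributes, approximating what a browser's
    tokenizer would build from the rendered markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def tokenize(markup):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def injected_script(markup):
    """Return the script tags and on* event-handler attributes present in the markup,
    in document order. An empty list means nothing attacker-controlled would execute."""
    found = []
    for tag, attrs in tokenize(markup):
        if tag == "script":
            found.append("script")
        found.extend(name for name in attrs if name.startswith("on"))
    return found


# Hypothetical template: an 'action' parameter in a text node and a second parameter
# in an unquoted 'type' attribute. The names echo the entries above; the template
# itself is invented for this example.
def render_vulnerable(action, dash_type):
    # Raw interpolation of request parameters: the reflected-XSS pattern.
    return f"<h2>Action: {action}</h2><input type={dash_type}>"


def render_escaped_only(action, dash_type):
    # Escaping fixes the text node, but the unquoted attribute still ends at the first
    # space, so the rest of the value is parsed as additional attributes.
    return f"<h2>Action: {html.escape(action)}</h2><input type={html.escape(dash_type)}>"


def render_hardened(action, dash_type):
    # Escape (including quotes) AND quote the attribute: the whole value stays one attribute.
    return (f"<h2>Action: {html.escape(action, quote=True)}</h2>"
            f'<input type="{html.escape(dash_type, quote=True)}">')


if __name__ == "__main__":
    for label, render in [("vulnerable", render_vulnerable),
                          ("escaped only", render_escaped_only),
                          ("hardened", render_hardened)]:
        markup = render(ACTION_PAYLOAD, TYPE_PAYLOAD)
        print(f"{label:13} executes={injected_script(markup)}  {markup}")
```

The middle case is the one that survives code review most often: the escaping call is there, the `<script>` payload is gone, and the attribute reflection still runs an event handler. Audit attribute sinks for quoting, not just for the presence of an escape function.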
OSV · added 2021/01/26 10:15 p.m. · 0 views

CVE-2020-23774

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...

CVSS 6.1 · AI score 6.4 · Exploits 0 · References 1
CNNVD · added 2021/01/26 12:00 a.m. · 1 view

Wing FTP Cross-Site Scripting Vulnerability

Wing FTP Server is cross-platform FTP server software. A cross-site scripting vulnerability exists in Wing FTP Server version 6.4.4: an arbitrary IFRAME element can be included in a help page via a specially crafted link, which an attacker can exploit to execute arbitrary sandboxed HTML an...

CVSS 6.1 · AI score 6.4 · EPSS 0.52763 · Exploits 1 · References 3
OSV · added 2021/01/11 2:15 p.m. · 11 views

CVE-2020-23849

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2, through injecting and executing JavaScript...

CVSS 6.1 · AI score 6 · Exploits 0 · References 1