Lucene search

5782 matches found

Prion
added 2021/01/11 2:15 p.m., 14 views

Cross site scripting

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00262
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2021/01/07 12:0 a.m., 2 views

krpano Panorama Viewer Cross-Site Scripting Vulnerability

krpano Panorama Viewer is software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in Krpano Panorama Viewer in...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00581
Exploits: 1, References: 2

OSV
added 2021/01/06 9:15 p.m., 2 views

DEBIAN-CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

CVSS: 6.1, AI score: 6.2, EPSS: 0.0205
Exploits: 1, References: 1

Hacker One
added 2021/01/06 9:28 a.m., 33 views

U.S. Dept Of Defense: Stored XSS through name / last name on https://██████████/

Description: There is a stored XSS vulnerability on https://█████/██████ by rendering unsafe input being registered on the account name and last name. ███ Step-by-step Reproduction Instructions: 1. Navigate to javascript...

AI score: 0.4
Exploits: 0

CNVD
added 2021/01/06 12:0 a.m., 1 views

Korzio Djv Command Injection Vulnerability

Korzio Djv is JavaScript-based software by the individual developer Korzio, used to dynamically verify the JSON data format. A command injection vulnerability exists in djv versions prior to 2.1.4; it stems from the web application's lack of proper validation of client-side data. An attack...

CVSS: 10, AI score: 7.7, EPSS: 0.00473
Exploits: 1, References: 1

CNVD
added 2021/01/04 12:0 a.m., 1 views

LimeSurvey cross-site scripting vulnerability (CNVD-2021-00893)

LimeSurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in the "Quota" component of the "Survey" page in LimeSurvey 3.21.1. An attacker can exploit this...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00263
Exploits: 1, References: 1

CNNVD
added 2020/12/31 12:0 a.m., 2 views

LimeSurvey Cross-Site Scripting Vulnerability

LimeSurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in the "Quota" component of the "Survey" page in LimeSurvey 3.21.1. An attacker can exploit this...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00263
Exploits: 1, References: 2

CNVD
added 2020/12/31 12:0 a.m., 2 views

Dell EMC Unisphere for PowerMax Cross-Site Scripting Vulnerability

Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays from Dell. A cross-site scripting vulnerability exists in Dell EMC Unisphere for PowerMax, which can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code ...

CVSS: 6.3, AI score: 6.2, EPSS: 0.00287
Exploits: 0, References: 1

CNNVD
added 2020/12/21 12:0 a.m., 3 views

Dell EMC Unisphere for PowerMax Cross-Site Scripting Vulnerability

Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays from Dell. A cross-site scripting vulnerability exists in Dell EMC Unisphere for PowerMax, which can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code ...

CVSS: 6.3, AI score: 6, EPSS: 0.00287
Exploits: 0, References: 3

Hacker One
added 2020/12/19 10:14 a.m., 12 views

U.S. Dept Of Defense: Reflected XSS on ███████

Summary: Reflected XSS on ████████. Description: During my explorations I found █████████/search/node, which provides a basic search functionality. If we search something, the value is reflected and not properly sanitized. For example, if we search ██████████/search/node/chron0x we can see in the...

AI score: 6
Exploits: 0

CNVD
added 2020/12/18 12:0 a.m., 2 views

F5 BIG-IP APM Cross-Site Scripting Vulnerability (CNVD-2020-73172)

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A cross-site scripting vulnerability exists in F5 BIG-IP APM, which can be exploited by an attacker to trigger cross-site scripting via the...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00467
Exploits: 0, References: 1

Tenable Nessus
added 2020/12/17 12:0 a.m., 34 views

F5 Networks BIG-IP : XSS vulnerability (K19166530)

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. (CVE-2020-27719) Impact: An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. When successfully exploiting this vulnerability in the...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00466
Exploits: 0, References: 2

CNNVD
added 2020/12/17 12:0 a.m., 2 views

F5 BIG-IP Cross-Site Scripting Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to trigger cross-site scriptin...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00466
Exploits: 0, References: 5

OSV
added 2020/12/16 5:15 p.m., 0 views

CVE-2019-14478

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

CVSS: 5.4, AI score: 6.2
Exploits: 0, References: 2

Prion
added 2020/12/15 11:15 p.m., 12 views

Code injection

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...

CVSS: 6.8, AI score: 8.6, EPSS: 0.00397
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2020/12/11 12:0 a.m., 6 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS: 9, AI score: 6.2, EPSS: 0.00443
Exploits: 0, References: 1

Tenable Nessus
added 2020/12/09 12:0 a.m., 38 views

Amazon Linux 2 : thunderbird (ALAS-2020-1572)

The version of thunderbird installed on the remote host is prior to 78.4.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1572 advisory. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present...

CVSS: 9.8, AI score: 8, EPSS: 0.48274
Exploits: 4, References: 15

CNNVD
added 2020/12/08 12:0 a.m., 3 views

Systran Pure Neural Server Cross-Site Scripting Vulnerability

Systran Pure Neural Server is a Web platform product for document translation from Systran, Germany. A cross-site scripting vulnerability previously existed in Systran Pure Neural Server 9.7.0, which stemmed from a cross-site scripting (XSS) issue in WebUI Translation that allowed a threat actor to...

CVSS: 5.4, AI score: 5.9, EPSS: 0.0015
Exploits: 1, References: 3

Veracode
added 2020/12/07 5:57 a.m., 10 views

Cross-Site Scripting (XSS)

html-purify is vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows execution of JavaScript via malicious URIs...

AI score: 2.9
Exploits: 0

OSV
added 2020/11/23 8:15 p.m., 13 views

CVE-2020-15249

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...

CVSS: 5.4, AI score: 5.4
Exploits: 0, References: 2