5956 matches found

CVE
added 2022/04/20 5:55 p.m. | 88 views

CVE-2022-24799

CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...

9.6 CVSS | 6.7 AI score | 0.00925 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2022/04/20 12:0 a.m. | 3 views

Zimbra security vulnerability

Zimbra Collaboration aka ZCS version 9.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...

6.1 CVSS | 5.6 AI score | 0.17252 EPSS
Exploits 0 | References 5

CNNVD
added 2022/04/18 12:0 a.m. | 6 views

WordPress plugins Easy Social Feed Free cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Social Feed Free plugin is vulnerable to a cross-site scripting vulnerability that stems from...

6.1 CVSS | 5.5 AI score | 0.02856 EPSS
Exploits 1 | References 2

CNNVD
added 2022/04/18 12:0 a.m. | 4 views

WordPress plugin Ad Injection code injection vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Ad Injection plugin9, which stems from the plugin's inability to properly clean up th...

7.2 CVSS | 5.7 AI score | 0.40632 EPSS
Exploits 2 | References 2

CNNVD
added 2022/04/14 12:0 a.m. | 7 views

COINS Construction Cloud cross-site scripting vulnerability

COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud version 11.12, which stems...

5.4 CVSS | 5.7 AI score | 0.00576 EPSS
Exploits 1 | References 3

CNNVD
added 2022/04/13 12:0 a.m. | 4 views

Organizr cross-site scripting vulnerability

Organizr is a tab management system. Versions of Organizr prior to 2.1.1810 have a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output in the Username and Email fields; an attacker can use the vulnerability in the client to...

9.6 CVSS | 8.1 AI score | 0.01169 EPSS
Exploits 1 | References 4

CNNVD
added 2022/04/13 12:0 a.m. | 4 views

Organizr cross-site scripting vulnerability

Organizr is a tab management system. Designed to be a one-stop store for server front ends, Organizr version 2.1.1810 previously had a cross-site scripting vulnerability that stemmed from unsanitized filenames, which could be exploited by attackers to execute JavaScript code on the client side...

9 CVSS | 8.2 AI score | 0.00995 EPSS
Exploits 1 | References 3

CNNVD
added 2022/04/12 12:0 a.m. | 5 views

Citrix Systems Citrix StoreFront Server cross-site scripting vulnerability

Citrix StoreFront Server is a Citrix Systems product, an indispensable component of Xen virtualization as part of the authentication and delivery management process. Citrix StoreFront Server, Citrix StoreFront Server, Citri...

6.1 CVSS | 6.2 AI score | 0.00453 EPSS
Exploits 0 | References 3

RedHat Linux
added 2022/04/11 2:55 p.m. | 3 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

6.5 CVSS | 7.4 AI score | 0.02012 EPSS
Exploits 1 | References 4

RedHat Linux
added 2022/04/11 2:18 p.m. | 3 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

6.5 CVSS | 7.4 AI score | 0.02012 EPSS
Exploits 1 | References 4

CNNVD
added 2022/04/11 12:0 a.m. | 4 views

Webmin cross-site scripting vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A cross-site scripting vulnerability exists in Webmin version 1.973, which stems from a lack of filtering and escaping of user-submitted parameters in the file management...

6.1 CVSS | 5.5 AI score | 0.01964 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2022/04/11 12:0 a.m. | 228 views

Oracle Linux 8 : thunderbird (ELSA-2022-1301)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1301 advisory. 91.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.8.0-1 - Update to 91.8.0 Tenable has extracted...

8.8 CVSS | 7.7 AI score | 0.1446 EPSS
Exploits 7 | References 10

RedHat Linux
added 2022/04/08 3:21 p.m. | 3 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

6.5 CVSS | 7.4 AI score | 0.02012 EPSS
Exploits 1 | References 4

RedHat Linux
added 2022/04/08 2:2 p.m. | 2 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

6.5 CVSS | 7.4 AI score | 0.02012 EPSS
Exploits 1 | References 4

CNNVD
added 2022/04/07 12:0 a.m. | 50 views

WordPress and WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Loco Translate plugin versions prior to 2.6.1 have a cross-site scripting vulnerability, which can be exploited by attackers t...

5.4 CVSS | 5.3 AI score | 0.04013 EPSS
Exploits 4 | References 3

RedhatCVE
added 2022/04/06 2:54 p.m. | 41 views

CVE-2022-28282

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

6.5 CVSS | 2 AI score | 0.02012 EPSS
Exploits 1 | References 3

Prion
added 2022/04/06 2:15 a.m. | 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which coul...

3.5 CVSS | 5.1 AI score | 0.01218 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2022/04/05 6:30 p.m. | 25 views

GHSA-XMJJ-3C76-5W84 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus

Impact Unauthorized JavaScript can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run an...

8.8 CVSS | 7.2 AI score | 0.01018 EPSS
Exploits 0 | References 5

CNNVD
added 2022/04/04 12:0 a.m. | 5 views

WordPress plugin weDevs WP Project Manager cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress weDevs WP Project Manager plugin has a...

5.4 CVSS | 5.4 AI score | 0.00608 EPSS
Exploits 0 | References 4

CNNVD
added 2022/04/04 12:0 a.m. | 5 views

WordPress plugin CareerUp Careerup WordPress theme cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress CareerUp Careerup WordPress theme plugin...

6.1 CVSS | 5.5 AI score | 0.01101 EPSS
Exploits 1 | References 4