5956 matches found
CVE-2021-29979
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...
CVE-2021-29979
CVE-2021-29979 concerns Hubs Cloud. The vulnerability allows a user to download shared content (HTML and JS), which could enable javascript execution in the Hub Cloud instance’s primary hosting domain on mozillareality/reticulum/1.0.1/20210618012634. Exploitation details are not provided in the d...
Yzmcms 跨站脚本漏洞
YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed by Yuan Zhimeng alone.YzmCMS version 5.2 has a cross-site scripting vulnerability. An attacker can use the sitecode parameter in admin/index/init.html to inject and execute javascript code...
Cross-site Scripting (XSS)
curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser when used as a template library due to lack of user input sanitization...
Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...
CVE-2021-23411
Affected versions of this package are vulnerable to Cross-site Scripting XSS via the main functionality. It accepts input that can result in the output an anchor a tag containing undesirable Javascript code that can be executed upon user interaction...
CVE-2021-27517
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...
Code injection
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...
CVE-2021-27517
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert in the Acrobat JavaScript API...
CVE-2021-21799
Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21803
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
Code injection
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21802
Advantech R-SeeNet is affected by CVE-2021-21802 in the device_graph_page.php script. The vulnerability is a cross-site scripting (XSS) issue triggered when attacker-controlled input (graph, device_id, is2sim) is unsafely embedded in HTML output, enabling arbitrary JavaScript execution in the vic...
CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21799
Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a...