CVE-2021-21799

Advantech R-SeeNet 2.4.12 is affected by a reflected XSS in telnet_form.php. The issue arises from improper input handling in telnet_form.php, enabling arbitrary script execution in the victim’s browser when a crafted URL is visited. Nuclei templates describe the vulnerability as a reflected XSS;...

PT-2021-14784 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...

Advantech R-SeeNet 跨站脚本漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...

Insecure Sharing of HTML/JS Files in Hubs Cloud Reticulum — Mozilla

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain...

Siemens Teamcenter Active Workspace 跨站脚本漏洞

Siemens Teamcenter Active Workspace is a software application from Siemens Germany. A product lifecycle management software. A cross-site scripting vulnerability exists in Teamcenter Active Workspace, which could allow an attacker to execute malicious JavaScript code by tricking a user into...

Cross site scripting

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in...

ArcGIS Server Reflective Cross-Site Scripting Vulnerability (CNVD-2021-50074)

ArcGIS Server is the back-end server software component of ArcGIS Enterprise from Esri that makes your geographic information available to others in your organization, and optionally makes it available to anyone with an Internet connection. A reflected cross-site scripting vulnerability exists in...

CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

Cross-site Scripting (XSS)

Overview smashing is an a framework for pulling together an overview of data that is important to your team and displaying it easily on TVs around the office. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A URL for a widget can be crafted and used to execute...

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting XSS. A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

Cross site scripting

Smashing 1.3.4 is vulnerable to Cross Site Scripting XSS. A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

smashing 跨站脚本漏洞

smashing is a software application. A framework based on Sinatra. A cross-site scripting vulnerability exists in Smashing 1.3.4, which stems from the ability to craft a URL for a widget and use it to execute JavaScript on a victim's computer...

CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

DEBIAN-CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

Design/Logic Flaw

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

UBUNTU-CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability

Zimbra Collaboration Suite ZCS is a collaboration software suite that includes an email server and web client. A cross-site scripting vulnerability exists in the login component of the web client for Zimbra Collaboration Suite. An attacker could exploit this vulnerability by adding executable...

Glassdoor: CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com

Summary: It is possible load an arbitrary .css file. Bypassing the protections by adding the domain https://www.glassdoor.com in a parameter/path. Affected URL or select Asset from In-Scope: -...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via unpaid-invoice-comment 💥 VERSION TESTED latest version as of 3/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-invoice3/app/hooks/calendar-unpaid-invoices.php?date=2021-06-03&view=dayGridMonth and create a...