5956 matches found
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
Cross site scripting
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
krpano Panorama Viewer Cross-Site Scripting Vulnerability
krpano Panorama Viewer is a software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in Krpano Panorama Viewer in...
DEBIAN-CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...
U.S. Dept Of Defense: Stored XSS through name / last name on https://██████████/
Description: There is a stored XSS vulnerability on https://█████/██████ by rendering unsafe input being registered on the account name and last name. ███ Step-by-step Reproduction Instructions 1. Navigate to javascript...
Korzio Djv Command Injection Vulnerability
Korzio Djv is a JavaScript-based tool, developed by the individual developer Korzio, for dynamically validating JSON data. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...
LimeSurvey cross-site scripting vulnerability (CNVD-2021-00893)
LimeSurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in the "Quota" component of the "Survey" page in LimeSurvey 3.21.1. An attacker can exploit this...
Dell EMC Unisphere for PowerMax Cross-Site Scripting Vulnerability
Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays from Dell. A cross-site scripting vulnerability exists in Dell EMC Unisphere for PowerMax, which can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code ...
LimeSurvey Cross-Site Scripting Vulnerability
LimeSurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in the "Quota" component of the "Survey" page in LimeSurvey 3.21.1. An attacker can exploit this...
Dell EMC Unisphere for PowerMax Cross-Site Scripting Vulnerability
Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays from Dell. A cross-site scripting vulnerability exists in Dell EMC Unisphere for PowerMax, which can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code ...
U.S. Dept Of Defense: Reflected XSS on ███████
Summary: Reflected XSS on ████████. Description: During my explorations I found █████████/search/node, which provides a basic search functionality. If we search something, the value is reflected and not properly sanitized. For example, if we search ██████████/search/node/chron0x we can see in the...
F5 BIG-IP APM Cross-Site Scripting Vulnerability (CNVD-2020-73172)
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A cross-site scripting vulnerability exists in F5 BIG-IP APM, which can be exploited by an attacker to trigger cross-site scripting via the...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to trigger cross-site scriptin...
F5 Networks BIG-IP : XSS vulnerability (K19166530)
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. (CVE-2020-27719) Impact: An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. When successfully exploiting this vulnerability in the...
CVE-2019-14478
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...
Code injection
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser through a specially created websi...