
5956 matches found

CNVD
added 2020/12/11 12:00 a.m., 7 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)

Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS: 9, AI score: 6.2, EPSS: 0.02535
Exploits: 0, References: 1

Tenable Nessus
added 2020/12/09 12:00 a.m., 44 views

Amazon Linux 2 : thunderbird (ALAS-2020-1572)

The version of thunderbird installed on the remote host is prior to 78.4.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1572 advisory. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present...

CVSS: 9.8, AI score: 8, EPSS: 0.42597
Exploits: 4, References: 15

CNNVD
added 2020/12/08 12:00 a.m., 4 views

Systran Pure Neural Server Cross-Site Scripting Vulnerability

Systran Pure Neural Server is a Web platform product for document translation from Systran, Germany. A cross-site scripting vulnerability previously existed in Systran Pure Neural Server 9.7.0, which stemmed from a cross-site scripting (XSS) issue in WebUI Translation that allowed a threat actor to...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00651
Exploits: 1, References: 3

BDU FSTEC
added 2020/12/08 12:00 a.m., 3 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted...

CVSS: 9, AI score: 6.3, EPSS: 0.01884
Exploits: 0, References: 3

BDU FSTEC
added 2020/12/08 12:00 a.m., 2 views

The vulnerability of Adobe Connect’s instant messaging program lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS: 6.1, AI score: 6.7, EPSS: 0.0148
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2020/12/07 5:57 a.m., 12 views

Cross-Site Scripting (XSS)

html-purify is vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows execution of JavaScript via malicious URIs...

AI score: 2.9
Exploits: 0

OSV
added 2020/11/23 8:15 p.m., 17 views

CVE-2020-15249

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...

CVSS: 5.4, AI score: 5.4
Exploits: 0, References: 2

CVE
added 2020/11/23 7:50 p.m., 67 views

CVE-2020-15249

CVE-2020-15249 applies to October CMS: backend file upload allowed SVGs without sanitization in versions before 1.0.469 (and 1.0.x), enabling potential stored XSS via uploaded SVG content. The issue’s root cause is lack of SVG sanitization in the Media upload feature; the backend displays SVGs as...

CVSS: 5.4, AI score: 4.5, EPSS: 0.00459
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2020/11/18 12:00 a.m., 6 views

Dell EMC RSA Archer Injection Vulnerability

Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in Dell EMC RSA Archer versions 6.8...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00823
Exploits: 0, References: 2

NVD
added 2020/11/17 3:15 p.m., 10 views

CVE-2020-25798

A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00639
Exploits: 1, References: 2

BDU FSTEC
added 2020/11/17 12:00 a.m., 2 views

The vulnerability of the Marketo Sales Insight Salesforce automated marketing software package lies in the lack of measures to cleanse input data, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Marketo Sales Insight Salesforce automated marketing software package is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary JavaScript code...

CVSS: 6.1, AI score: 7.2, EPSS: 0.01889
Exploits: 0, References: 4, Affected Software: 1

HackerOne
added 2020/11/12 10:41 p.m., 12 views

U.S. Dept Of Defense: Reflected Xss in [██████]

Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...

AI score: 0.7
Exploits: 0

PyPA
added 2020/11/11 4:15 p.m., 4 views

PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS: 8.7, AI score: 7, EPSS: 0.01725
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2020/11/11 4:15 p.m., 21 views

PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS: 8.7, AI score: 3.8, EPSS: 0.01725
Exploits: 1, References: 4

Debian CVE
added 2020/11/11 3:45 p.m., 30 views

CVE-2020-15275

Removed by vendor...

CVSS: 8.7, AI score: 7, EPSS: 0.01725
Exploits: 1

CNVD
added 2020/11/11 12:00 a.m., 3 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2020-63001)

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS: 6.1, AI score: 6.4, EPSS: 0.0148
Exploits: 0, References: 1

CNVD
added 2020/11/11 12:00 a.m., 4 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2020-63000)

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS: 6.1, AI score: 6.4, EPSS: 0.0148
Exploits: 0, References: 1

NCSC
added 2020/11/11 12:00 a.m., 5 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting (XSS) attack and thereby run arbitrary JavaScript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

CVSS: 6.1, AI score: 6.6, EPSS: 0.0148
Exploits: 0

OSV
added 2020/11/09 12:00 a.m., 0 views

UBUNTU-CVE-2020-15275

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS: 8.7, AI score: 6.8, EPSS: 0.01725
Exploits: 1, References: 5

Prion
added 2020/11/05 8:15 p.m., 25 views

Input validation

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...

CVSS: 6.8, AI score: 7.3, EPSS: 0.10648
Exploits: 0, References: 1, Affected Software: 4