5045 matches found
PT-2022-7382 · Ibm · Ibm Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance, Identity Manager version 10.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within...
CVE-2022-28703
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...
Cross-Site Scripting (XSS)
collective.task is vulnerable to cross-site scripting. The vulnerability exists in the renderCell function of table.py due to missing escape columns which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
org.wso2.carbon.registry is vulnerable to cross-site scripting. The vulnerability exists due to lack of encoding request parameters in the library which allows an attacker to inject and execute malicious JavaScript...
CVE-2022-32763
A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...
Cross site scripting
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-3073
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...
Input validation
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...
CVE-2022-3073 Quanos Schema ST4 example templates prone to XSS
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the user's browser...
CVE-2022-3073
The CVE-2022-3073 entry concerns Quanos SCHEMA ST4 example web templates (Bootstrap 2019 v2 through 2022 SP1 v1). Affected component is the *-schema.js script, whose JavaScript injection vulnerability can allow a remote attacker to hijack existing sessions or run scripts in a user’s browser. Docu...
Bootstrap Cross-Site Scripting Vulnerability
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in Bootstrap 2019 v2, 2021 v1, 2022 v1, 2022 SP1 v1, and prior versions, which stems from the Quanos "SCHEMA ST4" sample web template being vulnerable to...
PT-2022-20267 · Unknown · Quanos Schema St4
Name of the Vulnerable Software and Affected Versions: Quanos SCHEMA ST4 versions Bootstrap 2019 v2 through 2022 SP1 v1 Description: The issue allows a remote attacker to perform JavaScript injection, potentially hijacking existing sessions to access other web services in the same environment or...
GHSA-Q7JC-V6F2-Q9JR Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references. Original Description: Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript...
Cross-Site Scripting (XSS)
claviska/jquery-minicolors is vulnerable to cross-site scripting. The vulnerability exists because of the lack of sanitization in the name attribute in jquery.minicolors.min.js, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...
Resque Scheduler Cross-Site Scripting Vulnerability
Resque Scheduler is an open source, lightweight job scheduling system built on Resque. Resque Scheduler version 1.27.4 has a security vulnerability that stems from its susceptibility to cross-site scripting (XSS) attacks; a remote attacker can inject JavaScript code into...
CVE-2022-46905
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...