CVE-2022-31035 External URLs for Deployments can include javascript in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the...
parse-url cross-site scripting vulnerability
parse-url is an advanced URL parser with git URL support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0; it stems from an earlier fix that can be bypassed, and an attacker can exploit it to place arbitrary malicious JS code on a web page...
PT-2022-10865 · Ibm · Ibm Cognos Analytics +1
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics version 2.0; IBM Cognos Analytics versions 11.1.7 through 11.2.1. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
Cross-site Scripting (XSS)
krayin/laravel-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the v-html parameter in table-body.vue, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS) attacks. The library does not properly validate the url parameter in application-urls.tsx, which allows an attacker to inject and execute malicious JavaScript capable of creating, modifying, and deleting resources...
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2134-1 advisory. - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19...
Argo CD's external URLs for Deployments can include JavaScript
Impact: All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions, up to and including admin. The scri...
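The Argo CD entries above (and the application-urls.tsx entry earlier in the list) describe the same root cause: a user-controlled URL is rendered as a clickable link without checking its scheme, so a javascript: link runs in the clicking user's session. The following is an added example, not Argo CD's own code or its fix, of the scheme allow-list check that closes that class of bug. All names here (isSafeExternalUrl, renderLinkSafe, the placeholder base host, the sample URLs) are this example's own assumptions.

```typescript
// Added example, not Argo CD's code: allow-list the scheme of a user-supplied
// "external URL" before the UI renders it as a link.

// Schemes a deployment link legitimately needs. Anything else, including
// javascript:, data: and vbscript:, is rejected. An allow-list is used rather
// than a deny-list so a scheme nobody thought of is rejected by default.
const SAFE_SCHEMES: ReadonlySet<string> = new Set(["http:", "https:", "mailto:"]);

// Placeholder base (not a real host). It only matters for scheme-less inputs such
// as "/applications/guestbook", which resolve to the app's own origin.
const PLACEHOLDER_BASE = "https://argocd.invalid/";

// Decide with the WHATWG URL parser, the same parser the browser applies to href.
// That matters: the parser strips ASCII tab/newline and lower-cases the scheme, so
// "jAva\tscript:alert(1)" is still javascript: to the browser, while a naive
// prefix check on the raw string (raw.startsWith("javascript:")) would miss it.
function isSafeExternalUrl(raw: string): boolean {
  let parsed: URL;
  try {
    parsed = new URL(raw, PLACEHOLDER_BASE);
  } catch {
    return false; // unparseable input is never worth rendering as a link
  }
  return SAFE_SCHEMES.has(parsed.protocol);
}

function escapeHtml(s: string): string {
  const map: Record<string, string> = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// The vulnerable pattern: render whatever the annotation says, scheme and all.
function renderLinkUnsafe(url: string, label: string): string {
  return `<a href="${url}">${label}</a>`;
}

// The hardened pattern: keep the label but drop the href when the scheme is not allowed.
function renderLinkSafe(url: string, label: string): string {
  if (!isSafeExternalUrl(url)) {
    return `<span title="link removed: disallowed URL scheme">${escapeHtml(label)}</span>`;
  }
  return `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

// Constructed sample values, modelled on what a Deployment annotation might carry.
const SAMPLE_URLS: string[] = [
  "https://grafana.example.com/d/abc",          // allowed
  "/applications/guestbook",                    // relative, resolves to own origin, allowed
  "javascript:alert(document.cookie)",          // rejected
  "JaVaScRiPt:alert(1)",                        // rejected: scheme is case-insensitive
  "java\tscript:alert(1)",                      // rejected: parser strips the tab
  "data:text/html,<script>alert(1)</script>",   // rejected
  "vbscript:MsgBox(1)",                         // rejected
];

// Returns [url, allowed] pairs for the sample set.
function classifySamples(): Array<[string, boolean]> {
  return SAMPLE_URLS.map((u) => [u, isSafeExternalUrl(u)]);
}

for (const [u, ok] of classifySamples()) {
  console.log(ok ? "ALLOW " : "REJECT", JSON.stringify(u));
}
console.log(renderLinkUnsafe("javascript:alert(1)", "dashboard")); // the bug
console.log(renderLinkSafe("javascript:alert(1)", "dashboard"));   // no href emitted
```

Note the design choice: the decision is made on the parsed scheme, not on the raw string, because the browser will parse the string the same way before navigating. A check that only lower-cases and trims the raw value still misses the embedded-tab form.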
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the type parameter, allowing an attacker to inject and execute malicious javascript...
CVE-2022-29034
A vulnerability has been identified in SINEMA Remote Connect Server (all versions < V3.1). An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks...
CVE-2022-29034
Siemens SINEMA Remote Connect Server is affected in all versions prior to V3.1. The vulnerability is a reflected cross-site scripting (XSS) flaw in the web interface, where an error message pop-up window does not prevent JavaScript injection. Under CVSS 3.1, base score 6.1 (NETWORK, LOW attack compl...
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...
Cross-site request forgery (CSRF)
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form...
RosarioSIS cross-site scripting vulnerability
RosarioSIS Student Information System, designed for school administration, is designed to meet the most important needs of administrators, teachers, support staff, parents, students and clerical staff, however, it also adds many components not normally found in student information systems. versio...
WordPress plugin WP Simple Adsense Insertion cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
FlatCore-CMS cross-site scripting vulnerability
flatCore-CMS is a PHP and MySQL/SQLite based web content management system (CMS). flatCore-CMS version 2.0.9 is vulnerable to a cross-site scripting (XSS) vulnerability. An attacker could use this vulnerability to inject malicious JavaScript, steal cookies from other users, etc...
SeedDMS cross-site scripting vulnerability
SeedDMS, formerly known as LetoDMS and MyDMS, is a PHP and MySQL based document management system used to store and share documents. SeedDMS versions 6.0.18 and 5.1.25 contain a cross-site scripting vulnerability that stems from the Add category function in the Global Keyword menu, which is prone t...
GHSA-MJ46-R4GR-5X83 Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present when passing input in both webpack MDX fil...
CVE-2022-32269
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages displayed by Internet Explorer core. This leads to arbitrary code execution...