5006 matches found
CVE-2022-0840
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed...
CVE-2022-0840
The vulnerability is in the WordPress Easy Social Icons plugin (versions before 3.2.1). The image_file field is not properly escaped when adding a new social icon, enabling stored cross-site scripting. High-privilege users can inject arbitrary JavaScript even when unfiltered_html is disallowed. T...
CVE-2022-24229
The CVE-2022-24229 entry describes an XSS vulnerability in ONLYOFFICE Document Server Example prior to version 7.0.0. The affected component/path is the example editor endpoint (/example/editor), allowing remote attackers to inject arbitrary HTML or JavaScript. The issue is tied to an external we...
CVE-2022-28650
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI...
CVE-2022-28650
JetBrains YouTrack before 2022.1.43700 is affected by a cross-site scripting issue that enables an attacker to inject JavaScript into Markdown in the YouTrack Classic UI. This CVE is corroborated by multiple records (e.g., Red Hat, CNVD, CVE listings) describing the same vulnerability. The availa...
JetBrains YouTrack cross-site scripting vulnerability
JetBrains YouTrack is browser-based bug tracking and project management software from JetBrains (Czech Republic). It provides bug tracking, workflow creation and project progress monitoring. JetBrains YouTrack versions prior to 2022.1.43700 contain a security vulnerability that could be...
WordPress plugin UpdraftPlus WordPress Backup Plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports hosting personal blog sites on servers running PHP and MySQL. A WordPress plugin is an open-source application plugin for WordPress. The WordPress UpdraftPlus WordPress Backup plugin...
CVE-2021-44310
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality...
Firmware Analysis and Comparison Tool cross-site scripting vulnerability
Firmware Analysis and Comparison Tool (FACT) v3.2 contains a cross-site scripting vulnerability. The vulnerability stems from missing validation and filtering of user-supplied data and of output in the user...
WordPress plugin Simple Ajax Chat cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Ajax Chat plugin version 20220115 and earlier versions have a cross-site scripting vulnerability that stem...
CVE-2022-25221
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute the JavaScript code...
CVE-2022-25221
The CVE-2022-25221 entry concerns Money Transfer Management System v1.0, where an attacker can inject JavaScript code via a URL and persuade a user to visit that link to execute the script. Root cause cited across sources is lack of input validation/filtering and output handling for user-supplied...
CVE-2022-0475
A malicious translator is able to inject JavaScript code in a few translatable strings where HTML is allowed. The code could be executed in the Package Manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...