Lucene search

5006 matches found

ATTACKERKB
added 2022/03/21 9:0 a.m. | 2 views

CVE-2022-0475

A malicious translator is able to inject JavaScript code in a few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

CVSS 5.4 | AI score 5.9 | EPSS 0.00311
Exploits: 0 | References: 2 | Affected Software: 1

Hive Pro Threat Advisories
added 2022/03/21 7:14 a.m. | 13 views

Major Content Management Systems affected by Multiple vulnerabilities

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Several flaws in well-known content management systems WordPress and Drupal have been uncovered. A content management system, or CMS, is software that allows users to create, manage, and edit website content without requiri...

AI score 1.9
Exploits: 0

NVD
added 2022/03/17 6:15 a.m. | 14 views

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

CVSS 6.1 | EPSS 0.00197
Exploits: 0 | References: 1

OSV
added 2022/03/17 6:15 a.m. | 1 view

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

CVSS 6.1 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1

ATTACKERKB
added 2022/03/17 6:15 a.m. | 2 views

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

CVSS 6.1 | AI score 5.5 | EPSS 0.00197
Exploits: 0 | References: 2

CVE
added 2022/03/17 5:20 a.m. | 86 views

CVE-2022-24072

The CVE-2022-24072 entry applies to Naver Whale Browser, with affected versions before 3.12.129.18. The root cause is improper data handling in the devtools API (devtools.inspectedWindow), allowing potentially attacker-controlled JavaScript execution within the extension store web page. Consequen...

CVSS 6.1 | AI score 6.2 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/03/15 12:0 a.m. | 2 views

Atlassian Fisheye and Crucible Security Vulnerability

Atlassian Fisheye is a suite of source code deep viewing software. Atlassian Crucible is a suite of code review tools. A security vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.9, which can be exploited by an attacker to inject arbitrary HTML and/or JavaScript...

CVSS 6.1 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 4

0day.today
added 2022/03/15 12:0 a.m. | 1031 views

WordPress Core 5.9.0 / 5.9.1 Cross Site Scripting Vulnerability

Contributor+ Stored Cross Site Scripting Vulnerability Description: Contributor+ Stored XSS Affected Versions: WordPress Core 5.9.0-5.9.1 CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Fully Patched Version: 5.9.2 Researcher/s: Ben Bidner WordPress...

CVSS 8.8 | AI score 8.8 | EPSS 0.07286
Exploits: 2

OSV
added 2022/03/13 2:15 a.m. | 1 view

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 2

Prion
added 2022/03/13 2:15 a.m. | 8 views

Design/Logic Flaw

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

CVSS 3.5 | AI score 5.3 | EPSS 0.0031
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/03/13 1:18 a.m. | 13 views

CVE-2021-45888

An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role...

AI score 5.6 | EPSS 0.0031
Exploits: 1 | References: 2

CNNVD
added 2022/03/11 12:0 a.m. | 3 views

GateManager Cross-Site Scripting Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager that allows a logged-in user to inject JavaScript during a browser session...

CVSS 6.1 | AI score 6.3 | EPSS 0.00317
Exploits: 0 | References: 2

Vulnrichment
added 2022/03/09 3:34 p.m. | 5 views

CVE-2022-24432 ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an...

CVSS 5.5 | AI score 5.2 | EPSS 0.0009
Exploits: 0 | References: 1

Vulnrichment
added 2022/03/09 3:33 p.m. | 7 views

CVE-2022-21146 ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history...

CVSS 6.3 | AI score 6 | EPSS 0.00129
Exploits: 0 | References: 1

Veracode
added 2022/03/07 6:7 a.m. | 17 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of the Title field in the setting.js file, which allows an attacker to inject and execute malicious JavaScript...

CVSS 5.4 | AI score 2.5 | EPSS 0.00208
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2022/03/04 12:0 a.m. | 27 views

IPCOMM ipDIO Cross-Site Scripting Vulnerability (CNVD-2022-20535)

IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A cross-site scripting vulnerability exists in IPCOMM ipDIO that allows an unauthenticated, remote attacker to exploit the vulnerability to...

CVSS 6.3 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 1

OSV
added 2022/03/03 10:15 p.m. | 2 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8 | AI score 5.9 | EPSS 0.00305
Exploits: 1 | References: 2

ATTACKERKB
added 2022/03/03 10:15 p.m. | 3 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8 | AI score 5.9 | EPSS 0.00305
Exploits: 1 | References: 3

ATTACKERKB
added 2022/03/03 10:15 p.m. | 3 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4 | AI score 5.9 | EPSS 0.00221
Exploits: 1 | References: 3

OSV
added 2022/03/03 10:15 p.m. | 1 view

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4 | AI score 6.1 | EPSS 0.00221
Exploits: 1 | References: 2