
5006 matches found

Cvelist
added 2022/03/03 9:57 p.m., 12 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

AI score: 5.4 | EPSS: 0.00305
Exploits: 1 | References: 2

CNNVD
added 2022/03/03 12:0 a.m., 4 views

IPCOMM ipDIO cross-site scripting vulnerability

IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A cross-site scripting vulnerability exists in IPCOMM ipDIO that allows an unauthenticated, remote attacker to exploit the vulnerability to...

CVSS: 6.3 | AI score: 5.4 | EPSS: 0.00129
Exploits: 0 | References: 4

Veracode
added 2022/03/02 4:2 a.m., 24 views

Cross-site Scripting (XSS)

reveal.js is vulnerable to cross-site scripting. The onmessage event listener in speaker-view.html does not properly check the origin of postMessage before being rendered on the webpage, allowing an attacker to inject and execute malicious javascript...

CVSS: 6.1 | AI score: 2.5 | EPSS: 0.10316
Exploits: 1 | References: 4 | Affected Software: 1

Talos
added 2022/02/28 12:0 a.m., 18 views

Lansweeper WebUserActions.aspx Stored XSS vulnerability

Summary: A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. Tested...

CVSS: 9.1 | AI score: 5.4 | EPSS: 0.04115
Exploits: 1

CNNVD
added 2022/02/27 12:0 a.m., 2 views

Atlassian Jira cross-site scripting vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira has a cross-site scripting vulnerability that can be exploited to inject arbitrary HTML or JavaScript...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00215
Exploits: 0 | References: 3

Veracode
added 2022/02/25 4:57 p.m., 27 views

Cross Site Scripting (XSS)

intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists in the create page functionality of the admin account, which allows a malicious attacker to inject and execute arbitrary javascript...

CVSS: 4.8 | AI score: 3.3 | EPSS: 0.00219
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2022/02/25 10:41 a.m., 22 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in admin page due to the lack of input sanitization in the createmediadir function in the MediaManager.php file allowing an attacker to inject and execute malicious javascript...

CVSS: 4.8 | AI score: 2.7 | EPSS: 0.00235
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/02/25 12:1 a.m., 20 views

GHSA-44CG-QCPR-FWJH Cross site scripting in francoisjacquet/rosariosis

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xssclean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.0036
Exploits: 1 | References: 5

Packet Storm
added 2022/02/25 12:0 a.m., 320 views

WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting

On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to injec...

EPSS: 0.00182
Exploits: 3

NVD
added 2022/02/24 8:15 p.m., 6 views

CVE-2022-24709

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

CVSS: 8.8 | EPSS: 0.00391
Exploits: 0 | References: 2

Prion
added 2022/02/24 8:15 p.m., 10 views

Design/Logic Flaw

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00391
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/02/24 7:55 p.m., 5 views

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00391
Exploits: 0 | References: 2

Cvelist
added 2022/02/24 7:55 p.m., 12 views

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

CVSS: 8.8 | AI score: 9.3 | EPSS: 0.00391
Exploits: 0 | References: 2

CVE
added 2022/02/24 7:55 p.m., 70 views

CVE-2022-24709

The CVE-2022-24709 entry concerns @awsui/components-react (the AWS UI React component library). Affected versions before 3.0.367 fail to properly neutralize user input, which may permit JavaScript injection (XSS) when rendering content. The issue has been characterized across multiple sources as ...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00391
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/02/24 4:40 a.m., 99 views

CVE-2021-43943

CVE-2021-43943 affects Atlassian Jira Service Management Server and Data Center. Affected component: InsightDefaultCustomFieldConfig.jspa, in the /secure/admin/InsightDefaultCustomFieldConfig.jspa page, where an HTML/JavaScript payload can be injected via the Object Schema field due to insufficie...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.00266
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/02/24 12:0 a.m., 2 views

RosarioSis cross-site scripting vulnerability

RosarioSis is a free and open source student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS versions prior to 7.6.1 that allows remote malicious users to inject arbitrary JavaScript or HTML...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.0036
Exploits: 1 | References: 4

CNNVD
added 2022/02/24 12:0 a.m., 2 views

components-react cross-site scripting vulnerability

components-react is a set of React components that help create intuitive, responsive and accessible user experiences for web applications. A cross-site scripting vulnerability exists in versions prior to @awsui/components-react 3.0.367 that could allow javascript injection...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00391
Exploits: 0 | References: 4

OSV
added 2022/02/20 7:15 p.m., 4 views

CVE-2022-22126

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2022/02/20 7:15 p.m., 4 views

CVE-2022-23053

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 1

CNNVD
added 2022/02/20 12:0 a.m., 3 views

Nasa Openmct cross-site scripting vulnerability

Nasa Openmct is an open source open mission control technology from NASA, Inc. for visualizing data on desktop and mobile devices. A cross-site scripting vulnerability exists in Openmct versions 1.3.0 through 1.7.7, which stems from the software's lack of effective filtering and escaping for...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00328
Exploits: 0 | References: 3