Cross-Site Scripting (XSS)

jfinal is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the set method of the Controller class...

WordPress WP Google Maps plugin cross-site scripting vulnerability (CNVD-2021-49141)

WordPress is a set of open source blogging platforms developed using the PHP language by the WordPress Foundation. A stored cross-site scripting vulnerability exists in the WordPress WP Google Maps plugin. An attacker can exploit this vulnerability to execute client-side code by injecting...

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

✍️ Description The questionary section of livehelperchat can be modified listing new question . However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️‍♂️ Proof of Concept Install the livechat Go on...

CVE-2021-32536

Summary: CVE-2021-32536 affects the MCUsystem login page, where input is not filtered for special characters. This allows a remote attacker to inject JavaScript and perform a reflected XSS attack. The vulnerability is described across several sources (NVD, CVE list) as a login-page input validati...

CVE-2021-32536 MCU Technologies MCUsystem - Reflected XSS

The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks...

Fiyo CMS Cross-Site Scripting Vulnerability (CNVD-2021-45303)

Fiyo CMS is a content management system and software that allows users to add and/or manipulate change website content. A cross-site scripting vulnerability exists in the tag parameter in Fiyo CMS version 2.0.6.1. An attacker can exploit this vulnerability to add html/JavaScript to html code...

MCU system 跨站脚本漏洞

MCUsystem is a multipoint videoconferencing control system from Taiwan Enshiyo Technology Co. MCUsystem suffers from a cross-site scripting vulnerability that stems from the login page not filtering special characters, which can be exploited by a remote attacker to inject JavaScript without...

TrendNet TW100-S4W1CA Cross-Site Scripting Vulnerability

The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site scripting vulnerability exists in TrendNet TW100-S4W1CA version 2.3.32. The vulnerability can be exploited to inject arbitrary JavaScript into the router's web interface via the echo command...

CVE-2021-32426

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command...

CVE-2021-32426

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command...

Command injection

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command...

CVE-2021-32426

The connected sources confirm a Cross-Site Scripting (XSS) flaw in TrendNet TW100-S4W1CA router with firmware version 2.3.32. The vulnerability allows injecting arbitrary JavaScript into the router’s web interface via the echo command, enabling UI-scripted content execution. This is the concrete ...

Fiyo CMS 跨站脚本漏洞

Fiyo CMS is a content management system and software that allows users to add and/or manipulate change website content. A cross-site scripting vulnerability exists in the tag parameter in Fiyo CMS version 2.0.6.1. An attacker can exploit this vulnerability to add html/JavaScript to html code...

Cross-Site Scripting (XSS)

drupal is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser...

PT-2021-21127 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 SocialProfile extension in MediaWiki versions through 1.36 Description: An XSS issue was discovered in the SocialProfile extension within MediaWiki. A privileged user with the awardmanage right could inject...

Input validation

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...

CVE-2021-31832

CVE-2021-31832 affects McAfee Data Loss Prevention Endpoint (DLP) for Windows prior to version 11.6.200, due to improper neutralization of input in the ePO administrator extension’s alert configuration text field. The vulnerability allows a remote ePO DLP administrator to inject JavaScript into t...

PT-2021-19535 · Mcafee · Mcafee Data Loss Prevention Endpoint

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLP Endpoint for Windows versions prior to 11.6.200 Description: The issue allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed...

CVE-2021-26079

CVE-2021-26079 affects Atlassian Jira Server/Data Center: the CardLayoutConfigTable component is vulnerable to remote XSS . Affected versions include Jira Server/Data Center before 8.5.15; 8.6.0 before 8.13.7; and 8.14.0 before 8.17.0. The vulnerability allows a remote attacker to inject arbitrar...

Jira Server and Jira Data Center 跨站脚本漏洞

Atlassian JIRA Server and Jira Server & Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. The system is mainly used for tracking and managing all kinds of problems and defects in the workplace.Jira Server & Dat...