5003 matches found

CVE
added 2021/03/04 7:5 p.m. | 53 views

CVE-2021-20351

CVE-2021-20351 describes a cross-site scripting vulnerability in IBM Engineering products, allowing attackers to inject arbitrary JavaScript via the Web UI and potentially disclose credentials within a trusted session. The issue affects multiple IBM Engineering products in the Engineering Lifecyc...

CVSS 5.4 | AI score 5.3 | EPSS 0.00208
Exploits 0 | References 2 | Affected Software 9

CNVD
added 2021/03/04 12:0 a.m. | 8 views

Apache Ambari Cross-Site Scripting Vulnerability (CNVD-2021-14760)

Apache Ambari is an open source Apache application that provides software to configure, manage and monitor Apache Hadoop clusters, simplifying Hadoop management. A cross-site scripting vulnerability exists in Apache Ambari 2.7.4, which stems from the input in the view not being effectively...

CVSS 6.1 | AI score 6 | EPSS 0.02544
Exploits 0 | References 1

CNVD
added 2021/02/23 12:0 a.m. | 7 views

Appspace Cross-Site Scripting Vulnerability

Appspace is an application from the US-based Appspace Inc. that provides built-in content strategies to easily implement and execute team communication programs. A cross-site scripting vulnerability exists in Appspace version 6.2.4, which stems from the groups section of the network tab not adequately...

CVSS 5.4 | AI score 6.2 | EPSS 0.0042
Exploits 1 | References 1

Atlassian
added 2021/02/22 4:54 a.m. | 33 views

Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444

Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or JavaScript via a Cross Site Scripting vulnerability in admin global setting parameters. Affected versions: 7.11.0. Fixed version: 7.11.0. This vulnerability is attributed to Stefano...

CVSS 5.4 | AI score 3 | EPSS 0.00273
Exploits 0 | Affected Software 1

CNNVD
added 2021/02/22 12:0 a.m. | 2 views

Appspace Cross-Site Scripting Vulnerability

Appspace is an application from the US-based Appspace Inc. that provides built-in content strategies to easily implement and execute team communication programs. A cross-site scripting vulnerability exists in Appspace version 6.2.4, which stems from the groups section of the network tab not adequately...

CVSS 5.4 | AI score 6 | EPSS 0.0042
Exploits 1 | References 2

CNVD
added 2021/02/08 12:0 a.m. | 10 views

Redwood Report2Web Cross-Site Scripting Vulnerability

Redwood Report2Web is a web platform from Redwood Corporation that provides users with automated report generation capabilities. A cross-site scripting vulnerability exists in Redwood Report2Web versions 4.3.4.5 and 4.5.3, which stems from a login panel XSS issue that can be exploited by remote...

CVSS 6.1 | AI score 5.5 | EPSS 0.21051
Exploits 1 | References 1

OSV
added 2021/02/05 2:15 p.m. | 1 views

CVE-2021-26710

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter...

CVSS 6.1 | AI score 6.3
Exploits 0 | References 2

NVD
added 2021/02/05 2:15 p.m. | 13 views

CVE-2021-26710

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter...

CVSS 6.1 | EPSS 0.21051
Exploits 1 | References 2

Cvelist
added 2021/02/05 7:54 a.m. | 13 views

CVE-2021-26710

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter...

AI score 6.2 | EPSS 0.21051
Exploits 1 | References 2

CNNVD
added 2021/02/05 12:0 a.m. | 3 views

Redwood Report2Web Cross-Site Scripting Vulnerability

Redwood Report2Web is a web platform from Redwood Corporation that provides users with automated report generation capabilities. A cross-site scripting vulnerability exists in Redwood Report2Web versions 4.3.4.5 and 4.5.3, which stems from a login panel XSS issue that can be exploited by remote...

CVSS 6.1 | AI score 6.2 | EPSS 0.21051
Exploits 1 | References 3

WPVulnDB
added 2021/02/04 12:0 a.m. | 19 views

Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the plugin. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request coul...

AI score 1.2 | EPSS 0.00109
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2021/02/04 12:0 a.m. | 3 views

IBM API Connect Cross-Site Scripting Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site scripting vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in the web UI that can alter the intende...

CVSS 5.4 | AI score 6.1 | EPSS 0.00158
Exploits 0 | References 2

CNVD
added 2021/02/04 12:0 a.m. | 9 views

Adobe ACS Commons Cross-Site Scripting Vulnerability

Adobe Acs-aem-commons is a Java-based codebase for AEM/CQ code collections generated according to AEM by Adobe in the United States. A security vulnerability exists in Adobe ACS Commons that stems from a failure to properly handle invalid JCR characters, which can be exploited by an attacker to...

CVSS 6.1 | AI score 6.8 | EPSS 0.00985
Exploits 0 | References 1

CNNVD
added 2021/02/02 12:0 a.m. | 2 views

Adobe InDesign Cross-Site Scripting Vulnerability

Adobe Acs-aem-commons is a Java-based codebase for AEM/CQ code collections generated according to AEM by Adobe in the United States. A security vulnerability exists in Adobe ACS Commons that stems from a failure to properly handle invalid JCR characters, which can be exploited by an attacker to...

CVSS 6.1 | AI score 7 | EPSS 0.00985
Exploits 0 | References 4

Tenable Nessus
added 2021/02/01 12:0 a.m. | 51 views

CentOS 8 : thunderbird (CESA-2020:0577)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0577 advisory. - Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792) - Mozilla: Out-of-bounds read when processing certain email messages...

CVSS 8.8 | AI score 7.3 | EPSS 0.01279
Exploits 1 | References 7

Tenable Nessus
added 2021/02/01 12:0 a.m. | 41 views

CentOS 8 : firefox (CESA-2020:0512)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0512 advisory. - Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) - Mozilla: Incorrect parsing of template tag could result in...

CVSS 8.8 | AI score 7.8 | EPSS 0.01279
Exploits 0 | References 4

Hacker One
added 2021/01/31 11:18 a.m. | 11 views

MTN Group: RXSS - http://macademy.mtnonline.com

The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped, an attacker can inject malicious JavaScript that...

AI score 0.4
Exploits 0

Hacker One
added 2021/01/31 8:1 a.m. | 31 views

Rocket.Chat: Blind XSS

Blind XSS. The page located at https://livechat.coinflex.com/livechat suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability which occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped, an attacker can inject...

CVSS 4.3 | AI score 6 | EPSS 0.00353
Exploits 1

CNVD
added 2021/01/30 12:0 a.m. | 5 views

Mautic cross-site scripting vulnerability (CNVD-2021-07536)

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. Mautic 3.2.4 suffers from a cross-site scripting vulnerability that allows remote attackers to inject executable JavaScript via the Referer header of an...

CVSS 9.6 | AI score 5.9 | EPSS 0.01142
Exploits 0 | References 1

Prion
added 2021/01/28 6:15 a.m. | 16 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...

CVSS 6.8 | AI score 8 | EPSS 0.01142
Exploits 0 | References 4 | Affected Software 1