5003 matches found
IBM Jazz Foundation Cross-Site Scripting Vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...
How Page Integrity Manager Detects Real-World Magecart Attacks
Written by Ziv Eli - Engineering Manager, Security and Maor Hod - Senior Product Manager, Security. In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...
CVE-2021-21259
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...
Authentication flaw
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instanc...
CVE-2021-21259
CVE-2021-21259 affects HedgeDoc before version 1.7.2, where an attacker could inject arbitrary JavaScript into a note that is executed when viewed in slide mode. Depending on instance configuration, authentication may not be required to create or edit notes. The issue is fixed in HedgeDoc 1.7.2; ...
CVE-2021-22849
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack...
CVE-2021-22849
CVE-2021-22849 affects Hyweb HyCMS-J1; the backend editing function does not filter special characters, enabling stored XSS where logged-in users can inject JavaScript. Root cause: insufficient input sanitization on editing payloads. Documented impact includes stored XSS risk with potential parti...
Hyweb HyCMS-J Cross-Site Scripting Vulnerability
Hyweb HyCMS-J1 is a text management system from the Chinese company Hyweb. Hyweb HyCMS-J1 suffers from a cross-site scripting vulnerability that stems from the back-end editing function not filtering special characters. An attacker can exploit this vulnerability to inject JavaScript syntax to...
Hedgedoc Cross-Site Scripting Vulnerability
Hedgedoc is a Javascript-based Markdown document real-time editing and sharing platform by the Hedgedoc team. A cross-site scripting vulnerability exists in versions prior to HedgeDoc 1.7.2, which can be exploited by attackers to inject arbitrary JavaScript...
U.S. Dept Of Defense: Stored XSS at https://www.█████████.mil
Summary: Stored XSS exists at https://www.██████.mil. A user can fill out the form and upload a file containing javascript code to trigger XSS. Description: Stored XSS exists at https://www.████.mil. A user can fill out the form and upload a file containing javascript code to trigger XSS. Impact ...
Cross site scripting
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter...
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter...
Opentext Carbonite Cross-Site Scripting Vulnerability
OpenText develops and markets Enterprise Information Management (EIM) software. A cross-site scripting vulnerability exists in OpenText Carbonite Server Backup Portal 8.8.7 and earlier versions, which originates from a failure to effectively filter user input at policy creation, allowing an...
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03014)
IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability (CNVD-2021-02621)
IBM Engineering Requirements Quality Assistant uses AI to help you improve requirements quality from the authoring source. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker could exploit the vulnerability to embed arbitrary JavaScript code ...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability
IBM Engineering Requirements Quality Assistant uses AI to help you improve requirements quality from the authoring source. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker could exploit the vulnerability to embed arbitrary JavaScript code ...
IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-03016)
IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management, with broad coverage of all aspects from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An...