5003 matches found
Cross site scripting
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127...
IBM Cloud Pak System Cross-Site Scripting Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. A cross-site scripting vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI that could...
HGiga MailSherlock Cross-Site Scripting Vulnerability (CNVD-2021-06947)
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock failing to properly validate specific URL parameters. An attacker can exploit...
HGiga MailSherlock Cross-Site Scripting Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock not validating user parameters on multiple login pages. An attacker can explo...
CVE-2020-35740
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks...
Hardcoded credentials
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CVE-2020-35741 HGiga MailSherlock - XSS -2
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks...
CVE-2020-35740 HGiga MailSherlock - XSS -1
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks...
MailSherlock Cross-Site Scripting Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. A cross-site scripting vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock failing to properly validate specific URL parameters. An attacker can exploit...
Hedgedoc Cross-Site Scripting Vulnerability
HedgeDoc is a JavaScript-based Markdown document real-time editing and sharing platform by the HedgeDoc team. A security vulnerability exists in HedgeDoc versions prior to 1.7.1, which can be exploited to inject arbitrary "script" tags into HedgeDoc notes. Our content security policy prohibits...
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST parameter in user-code-redemption.php, the ulgm_user_first POST parameter in...
ZZCMS Cross-Site Scripting Vulnerability
ZZCMS is the content management system of Webmaster Merchants. A cross-site scripting vulnerability exists in the user login page of zzcms 2019. An attacker can exploit this vulnerability by injecting JavaScript code into user/login.php via the Referer header...
CVE-2020-12517
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low-privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation)...
CVE-2020-35121
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...
Keysight Database Connector plugin code injection vulnerability
Bitbucket Keysight is a database connector plugin available for Atlassian products from the Bitbucket organization. A security vulnerability exists in the Keysight Database Connector plugin before 1.5.0, which originates from a malicious user being able to insert arbitrary JavaScript into saved...
OpenAsset Digital Asset Management XSS Injection Vulnerability
OpenAsset is a digital asset management software for the website building industry from OpenAsset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...
Moodle 3.7.x < 3.7.8, 3.8.x < 3.8.5, 3.9.x < 3.9.2 Input Escape Vulnerability
Moodle is prone to an input escape vulnerability.
Design/Logic Flaw
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8...
CVE-2020-25631
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8...