Fresenius Kabi Agilia Connect Infusion System 跨站脚本漏洞

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...

CVE-2021-44163

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

Cross site scripting

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

Chain Sea Ai Chatbot System跨站脚本漏洞

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, China. Chain Sea Ai Chatbot System is vulnerable to a cross-site scripting vulnerability, which is caused by the product not filtering special characters in URL parameters and can be exploited for JS...

UiPath Assistant 注入漏洞

UiPath Assistant is a specialized tool for UiPath designed to make it easy and fun for users to interact with bots from the desktop. UiPath Assistant 21.4.4 suffers from a security vulnerability that stems from user control data provided to the --process-start parameter of the uipath-assistant://...

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

Malicious Package

Overview discordjs-lofy is a malicious package. This package injecting malicious Javascript code into the Discord client. Remediation Avoid using all malicious instances of the discordjs-lofy package...

Cross-Site Scripting (XSS)

kevinpapst/kimai2 is vulnerable to cross-site scripting. The vulnerability exists in commentContent function of MarkdownExtension.php because the markdown doesn't use safe mode which allows an attacker to inject and execute arbitrary javascript...

Cross-site Scripting (XSS)

kevinpapst/kimai2 is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the project, customer, and activity attributes in the setEntries function of KimaiRecentActivities.js as it does not properly escape the user inputs...

IBM Cognos Analytics 跨站脚本漏洞

IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability...

The vulnerability of the BBCode parser in the vBulletin commercial web forum, related to the lack of protection for the website structure, allows a violator to execute arbitrary JavaScript.

The vulnerability of the BBCode parser in the vBulletin commercial web forum is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript by injecting code into messages using embedded BBCodes...

Cross Site Scripting (XSS)

@backstage/plugin-auth-backend is vulnerable to Cross Site Scripting. The vulnerability exists in makeCreateEnv of index.ts because the code doesn't enable authorization which allows an attacker to inject and execute arbitrary javascript...

CVE-2021-42119 Stored XSS in Search Function in TopEase

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVE-2021-36332

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites...

CVE-2021-36332

CVE-2021-36332 affects Dell EMC CloudLink 7.1 and earlier. The issue is a HTML/JavaScript injection (input validation) vulnerability that could be exploited remotely by a low-privilege attacker to redirect end users to arbitrary or malicious websites. Multiple connected sources corroborate the vu...

Cross-site Scripting (XSS)

plupload is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the file.name field as it does not properly encode the user input file name...

Cross-Site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the Advance Content Filter ACF module which allows an attacker to inject maliciously crafted HTML containing Javascript code...

CVE-2021-42838

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...