PT-2022-4661 · Otrs +1 · Otrs +1

Name of the Vulnerable Software and Affected Versions: OTRS affected versions not specified Description: The issue allows an attacker logged in as an admin user to manipulate the customer URL field, storing JavaScript code that can be executed later by any agent when clicking the customer URL lin...

Calibre-Web Cross-Site Scripting Vulnerability

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. A cross-site scripting vulnerability exists in the Calibre-web application versions v0.6.0 through v0.6.12, which can be exploited by an attacker to inject JavaScript exploit script into the...

CVE-2021-41567

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVE-2021-41563

Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVE-2021-41565

CVE-2021-41565 affects Tad Tools TadTools. The issue is a cross-site scripting vulnerability caused by insufficient validation of input on a special page parameter, enabling remote attackers to inject JavaScript without logging in and potentially perform reflective XSS. Primary impact is client-s...

Cross-Site Scripting (XSS)

djangounicorn is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript through component.name...

Zammad 跨站脚本漏洞

Zammad is a Web-based open source help desk/customer support system. An attacker could upload an attachment to a "work order" via an "article", which could be exploited to inject malicious JavaScript code...

CVE-2021-42042

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript...

CVE-2021-42044

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...

CVE-2021-42042

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript...

CVE-2021-42046

CVE-2021-42046: A flaw in the MediaWiki GlobalWatchlist extension up to 1.36.2 allows HTML/JavaScript injection via rev-deleted-user and ntimes messages due to improper escaping. Connected advisories confirm affected MediaWiki versions and indicate the issue arises from insufficient escaping rath...

CVE-2021-42046

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript...

CVE-2021-42041

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

CVE-2021-42042

CVE-2021-42042 concerns MediaWiki’s GrowthExperiments extension, specifically the SpecialEditGrowthConfig vulnerability where the growthexperiments-edit-config-error-invalid-title message was not sanitized. This allowed injection and execution of HTML/JavaScript. The description lists the affecte...

CVE-2021-42043

The CVE-2021-42043 entry concerns MediaWiki’s Special:MediaSearch in the MediaSearch extension up to version 1.36.2. The bug is caused by improper sanitization of the suggestion text parameter to mediasearch-did-you-mean, enabling injection/execution of HTML and JavaScript via the intitle: search...

CVE-2021-42043

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...

PT-2021-23485 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.3 Description: An issue was discovered in the GlobalWatchlist extension where the rev-deleted-user and ntimes messages were not properly escaped, allowing users to inject HTML and JavaScript. Recommendations:...

PT-2021-23482 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 MediaSearch extension versions through 1.36.2 Description: An issue was discovered in Special:MediaSearch in the MediaSearch extension. The suggestion text, a parameter to mediasearch-did-you-mean, was not...

PT-2021-23481 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 GrowthExperiments extension in MediaWiki versions through 1.36.2 Description: An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension. The...

PT-2021-23487 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in the Growth extension in MediaWiki. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...