Cross-site Scripting (XSS) - Reflected in blockonomics/woocommerce-plugin

✍️ Description Reflected javascript injection vulnerabilities exist when web applications take parameters from the URL and display them on a page. Reflection vulnerabilities occur when a website outputs a variable from the webpage URL directly to the page, such as in a PHP application that accepts...

CVE-2021-31792

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...

CVE-2021-31792

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...

Cross site scripting

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...

CVE-2021-31792

CVE-2021-31792 affects SuiteCRM versions prior to 7.11.19. The vulnerability is a cross-site scripting flaw in the client account page that allows an attacker to inject JavaScript via the name field. No exploit specifics are provided beyond this description in the sources. Remediation per PT-Secu...

PT-2021-19509 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.19 Description: The issue allows an attacker to inject JavaScript via the name field in the client account page, potentially leading to code execution. Recommendations: For versions prior to 7.11.19, update to...

SuiteCRM 跨站脚本漏洞

SuiteCRM is a free open source customer relationship management application. A cross-site scripting vulnerability exists in the customer account page of SuiteCRM versions prior to 7.11.19. An attacker can exploit the vulnerability to inject JavaScript via the name field...

CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

Design/Logic Flaw

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

CVE-2021-22331

CVE-2021-22331 describes a JavaScript injection vulnerability in Huawei smartphones (notably P30) where a module does not adequately verify certain inputs. Affected P30 versions include 10.1.0.165 and earlier, and 11.x builds such as 11.0.0.118, 11.0.0.120, and 11.0.0.138 across multiple build id...

Sourcecodester Equipment Inventory System 跨站脚本漏洞

Sourcecodester Equipment Inventory System is a Sourcecodester open source application. It is used to organize and track its equipment. Sourcecodester Equipment Inventory System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary javascrip...

Huawei 多款产品 注入漏洞

Huawei P30 is a smartphone from Huawei China.The Huawei P30 is vulnerable to JavaScript injection, which can be exploited by attackers to launch JavaScript injection by sending malicious application requests...

Unspecified Vulnerability in Vaadin vaadin-server

Vaadin-server is a Vaadin open source application . A platform for rapid development of Web applications on the Java backend . A security vulnerability exists in vaadin-server versions 7.4.0 through 7.7.19, which can be exploited by an attacker to inject malicious JavaScript via an unspecified...

MintHCM Cross-Site Scripting Vulnerability

MINTHCM is a human resources management software developed by MINTHCM MintHCM A cross-site scripting vulnerability exists in version 3.0.8. The vulnerability stems from the Import feature that allows an attacker to perform cross-site scripting XSS loads in file uploads, which can be exploited by ...

cPanel cross-site scripting vulnerability (CNVD-2021-31749)

Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 94.0.3. The vulnerability stems from saving...

CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector...

CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector...

Design/Logic Flaw

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 Vaadin 7.4.0 through 7.7.19, and 8.0.0 through 8.8.4 Vaadin 8.0.0 through 8.8.4 allows attacker to inject malicious JavaScript via unspecified vector...