5956 matches found
Code injection
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...
CVE-2023-32071 XWiki Platform vulnerable to RXSS via editor parameter - importinline template
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...
CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...
CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...
Cross-Site Scripting (XSS)
wwbn/avideo, is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in script.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 2.2-milestone-1, prior to 14.4.8, prior to 14.10.4, and prior to 15.0-rc-1, which originates from the ability to...
CVE-2023-2582
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...
Cross site scripting
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...
CVE-2023-2582
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...
CVE-2023-2582
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...
CVE-2023-27378
Multiple reflected cross-site scripting XSS vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not...
Cross site scripting
Multiple reflected cross-site scripting XSS vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2023-27378 BIG-IP TMUI XSS vulnerability
Multiple reflected cross-site scripting XSS vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
Cross site scripting
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2023-29489
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...
DEBIAN-CVE-2023-22665
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...
CVE-2023-22665
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...
Apache Jena 安全漏洞
Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. Used to build semantic Web and linked data applications. A cross-site scripting vulnerability exists in Apache Jena. The vulnerability stems from insufficient checking of user queries when calling custom...