
5952 matches found

CNNVD
added 2022/04/14 12:0 a.m., 7 views

COINS Construction Cloud cross-site scripting vulnerability

COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud version 11.12, which stems...

CVSS 5.4 | AI score 5.7 | EPSS 0.00576
Exploits: 1 | References: 3
CNNVD
added 2022/04/13 12:0 a.m., 4 views

Organizr cross-site scripting vulnerability

Organizr is a tab management system. Versions of Organizr prior to 2.1.1810 have a cross-site scripting vulnerability, which stems from the Username and Email fields lacking validation and filtering of user-supplied data and output data; an attacker can use the vulnerability in the client to...

CVSS 9.6 | AI score 8.1 | EPSS 0.01169
Exploits: 1 | References: 4
CNNVD
added 2022/04/13 12:0 a.m., 4 views

Organizr cross-site scripting vulnerability

Organizr is a tab management system. Designed to be a one-stop shop for server front ends, Organizr version 2.1.1810 previously had a cross-site scripting vulnerability that stemmed from unsanitized filenames, which could be exploited by attackers to execute JavaScript code on the client side...

CVSS 9 | AI score 8.2 | EPSS 0.00995
Exploits: 1 | References: 3
CNNVD
added 2022/04/12 12:0 a.m., 5 views

Citrix Systems Citrix StoreFront Server cross-site scripting vulnerability

Citrix StoreFront Server, from Citrix Systems, is an indispensable component of Xen virtualization as part of the authentication and delivery management process. Citrix StoreFront Server, Citrix StoreFront Server, Citri...

CVSS 6.1 | AI score 6.2 | EPSS 0.00453
Exploits: 0 | References: 3
RedHat Linux
added 2022/04/11 2:55 p.m., 3 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

CVSS 6.5 | AI score 7.4 | EPSS 0.02012
Exploits: 1 | References: 4
RedHat Linux
added 2022/04/11 2:18 p.m., 3 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

CVSS 6.5 | AI score 7.4 | EPSS 0.02012
Exploits: 1 | References: 4
Tenable Nessus
added 2022/04/11 12:0 a.m., 227 views

Oracle Linux 8 : thunderbird (ELSA-2022-1301)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1301 advisory. 91.8.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.8.0-1 - Update to 91.8.0 Tenable has extracted...

CVSS 8.8 | AI score 7.7 | EPSS 0.1446
Exploits: 7 | References: 10
CNNVD
added 2022/04/11 12:0 a.m., 4 views

Webmin cross-site scripting vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A cross-site scripting vulnerability exists in Webmin version 1.973, which stems from a lack of filtering and escaping of user-submitted parameters in the file management...

CVSS 6.1 | AI score 5.5 | EPSS 0.01964
Exploits: 1 | References: 3
RedHat Linux
added 2022/04/08 3:21 p.m., 2 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

CVSS 6.5 | AI score 7.4 | EPSS 0.02012
Exploits: 1 | References: 4
RedHat Linux
added 2022/04/08 2:2 p.m., 2 views

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

CVSS 6.5 | AI score 7.4 | EPSS 0.02012
Exploits: 1 | References: 4
CNNVD
added 2022/04/07 12:0 a.m., 50 views

WordPress and WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Loco Translate plugin versions prior to 2.6.1 have a cross-site scripting vulnerability, which can be exploited by attackers t...

CVSS 5.4 | AI score 5.3 | EPSS 0.04013
Exploits: 4 | References: 3
RedhatCVE
added 2022/04/06 2:54 p.m., 41 views

CVE-2022-28282

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

CVSS 6.5 | AI score 2 | EPSS 0.02012
Exploits: 1 | References: 3
Prion
added 2022/04/06 2:15 a.m., 14 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which coul...

CVSS 3.5 | AI score 5.1 | EPSS 0.01218
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2022/04/05 6:30 p.m., 25 views

GHSA-XMJJ-3C76-5W84 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus

Impact: Unauthorized JavaScript can be executed by inserting an iframe into the rich text HTML interface that links to an uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run an...

CVSS 8.8 | AI score 7.2 | EPSS 0.01018
Exploits: 0 | References: 5
CNNVD
added 2022/04/04 12:0 a.m., 5 views

WordPress plugin CareerUp Careerup WordPress theme cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress CareerUp Careerup WordPress theme plugin...

CVSS 6.1 | AI score 5.5 | EPSS 0.01101
Exploits: 1 | References: 4
CNNVD
added 2022/04/04 12:0 a.m., 4 views

WordPress plugin JobSearch WP JobSearch cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress JobSearch WP JobSearch plugin has a...

CVSS 6.1 | AI score 5.7 | EPSS 0.01847
Exploits: 1 | References: 3
CNNVD
added 2022/04/04 12:0 a.m., 4 views

WordPress plugin Noo JobMonster WordPress theme cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Noo JobMonster WordPress theme plugin has...

CVSS 6.1 | AI score 5.4 | EPSS 0.01836
Exploits: 1 | References: 4
CNNVD
added 2022/04/04 12:0 a.m., 5 views

WordPress plugin weDevs WP Project Manager cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress weDevs WP Project Manager plugin has a...

CVSS 5.4 | AI score 5.4 | EPSS 0.00608
Exploits: 0 | References: 4
CNVD
added 2022/03/31 12:0 a.m., 25 views

Joomla! Cross-site scripting vulnerability (CNVD-2022-64103)

Joomla! is a set of forum components used in the Joomla! content management system. Versions 4.0.0 to 4.1.0 of Joomla! have a cross-site scripting vulnerability that stems from a filter that incorrectly cleans up and escapes the content in the code, which can be exploited by attackers to execute...

CVSS 6.1 | AI score 3.9 | EPSS 0.0065
Exploits: 0 | References: 1
Github Security Blog
added 2022/03/30 6:26 p.m., 23 views

Cross-site Scripting in Parsedown

Parsedown versions prior to 1.7.0 contain a cross-site scripting (XSS) vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to sidestep HTML escaping by breaking AST...

CVSS 6.1 | AI score 2.4 | EPSS 0.012
Exploits: 0 | References: 5 | Affected Software: 1