5952 matches found

Prion
added 2022/02/09 4:15 a.m. | 23 views

Design/Logic Flaw

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

CVSS 4.3 | AI score 6.8 | EPSS 0.3106
Exploits: 2 | References: 5 | Affected Software: 1

CNNVD
added 2022/02/09 12:0 a.m. | 3 views

spaceLYnk cross-site scripting vulnerability

The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric France. The spaceLYnk suffers from a cross-site scripting vulnerability that originated when an attacker could use the vulnerability to inject and execute arbitrary malicious JavaScript code in the target...

CVSS 6.1 | AI score 6.4 | EPSS 0.00594
Exploits: 0 | References: 2

UbuntuCve
added 2022/02/09 12:0 a.m. | 41 views

CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

CVSS 8.8 | AI score 7.3 | EPSS 0.00586
Exploits: 0 | References: 3

OSV
added 2022/02/09 12:0 a.m. | 2 views

UBUNTU-CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

CVSS 8.8 | AI score 7.4 | EPSS 0.00586
Exploits: 0 | References: 4

Tenable Nessus
added 2022/02/09 12:0 a.m. | 37 views

AlmaLinux 8 : thunderbird (ALSA-2021:5045)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:5045 advisory. - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive...

CVSS 8.8 | AI score 7.5 | EPSS 0.0202
Exploits: 0 | References: 11

CNNVD
added 2022/02/08 12:0 a.m. | 5 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource mishandling vulnerability that stems from the way the browser handles XSL documents. An attacker could use the vulnerability to trick a victim into loading a...

CVSS 8.8 | AI score 8.4 | EPSS 0.00586
Exploits: 0 | References: 7

Tenable Nessus
added 2022/02/08 12:0 a.m. | 36 views

Mozilla Firefox < 97.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 97.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-04 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96...

CVSS 9.6 | AI score 7.9 | EPSS 0.00926
Exploits: 2 | References: 13

CNNVD
added 2022/02/01 12:0 a.m. | 4 views

WordPress plugin SVG Support cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress SVG Support plugin in versions prior to 2.3.20 suffers from a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output...

CVSS 4.8 | AI score 5.6 | EPSS 0.00654
Exploits: 2 | References: 3

CNNVD
added 2022/02/01 12:0 a.m. | 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Learning Courses plugin in versions prior to 5.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An...

CVSS 4.8 | AI score 5.6 | EPSS 0.00598
Exploits: 2 | References: 2

CNNVD
added 2022/01/31 12:0 a.m. | 4 views

Emlog cross-site scripting vulnerability

Emlog is a PHP and MySQL-based CMS website builder from Emlog personal developers. Emlog suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could use this vulnerability to execute JavaScript code ...

CVSS 4.8 | AI score 5.6 | EPSS 0.00617
Exploits: 1 | References: 3

CNNVD
added 2022/01/26 12:0 a.m. | 5 views

Security vulnerability in multiple Apple products

Apple tvOS and others are products of Apple Inc. in the U.S. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system. Apple macOS Monterey is the 18th major version of macOS, the operating system used for the Macintosh desktop. A security vulnerability exists in...

CVSS 6.1 | AI score 7 | EPSS 0.01973
Exploits: 0 | References: 33

CNNVD
added 2022/01/25 12:0 a.m. | 9 views

ForestBlog cross-site scripting vulnerability

ForestBlog is a personal blog application. ForestBlog suffers from a cross-site scripting vulnerability that stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...

CVSS 6.1 | AI score 5.6 | EPSS 0.00588
Exploits: 1 | References: 2

CNNVD
added 2022/01/24 12:0 a.m. | 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Code Snippets plugin for WordPress prior to 2.14.3,...

CVSS 6.1 | AI score 5.7 | EPSS 0.02268
Exploits: 2 | References: 2

CNNVD
added 2022/01/24 12:0 a.m. | 6 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of WordPress prior to myCred plugin 2.4, which...

CVSS 6.1 | AI score 5.7 | EPSS 0.00887
Exploits: 2 | References: 3

Hacker One
added 2022/01/21 4:38 p.m. | 29 views

U.S. Dept Of Defense: Reflected XSS at https://█████ via "██████████" parameter

There is Reflected Cross site scripting issue at the following url: https://█████ Proof Of Concept https://████████?█████=%22onfocus%3d%22alertdocument.domain%22autofocus%3d%22&█████████████████████=Search ████ Best Regards @pelegn Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing...

AI score 1.1
Exploits: 0

Huntr
added 2022/01/20 7:9 p.m. | 10 views

Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor

Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...

AI score 6
Exploits: 0

CNNVD
added 2022/01/20 12:0 a.m. | 5 views

Mitsubishi Electric MC Works64 cross-site scripting vulnerability

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. Mitsubishi Electric MC Works64 suffers from a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied data and output. An attacker could exploi...

CVSS 6.1 | AI score 5.6 | EPSS 0.01614
Exploits: 0 | References: 8

CNNVD
added 2022/01/19 12:0 a.m. | 6 views

F5 BIG-IP cross-site scripting vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited to run JavaScript in the context of the...

CVSS 8.8 | AI score 5.3 | EPSS 0.00797
Exploits: 0 | References: 4

BDU FSTEC
added 2022/01/19 12:0 a.m. | 4 views

The vulnerability in the isolated iframe environment of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, allows an attacker to bypass the isolated JavaScript iframe environment and execute arbitrary JavaScript code in a random window.

The vulnerability in the isolated iframe environment of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, relates to exploiting security restrictions during the execution of XSLT transformations using iframe-based environments. Exploiting this vulnerability allows an attacke...

CVSS 10 | AI score 8.3 | EPSS 0.0134
Exploits: 1 | References: 12 | Affected Software: 8

CNNVD
added 2022/01/17 12:0 a.m. | 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Modern Events Calendar Lite plugin in versions prior to 6.2.0 suffers from a cross-site scripting...

CVSS 5.4 | AI score 5.6 | EPSS 0.00611
Exploits: 2 | References: 2