Mozilla Firefox 安全特征问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security signature issue vulnerability exists in Mozilla Firefox due to an error in the implementation of the iframe sandbox when processing XSLT markup. A remote attacker can bypass the iframe sandbox and execute...

WordPress插件跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...

MediaWiki 跨站脚本漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from a failure of the...

CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

CVE-2022-21662 Stored XSS in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...

PT-2022-1813 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to insufficient access controls in Microsoft Edge, allowing a remote attacker to elevate privileges in the system. This can enable the execution o...

CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting XSS vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image...

Debian DLA-2874-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash...

WordPress plugin 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress CRM Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.1.7, which ste...

DEBIAN-CVE-2021-43861

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...

UBUNTU-CVE-2021-43861

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...

Mermaid 安全漏洞

Mermaid is a software application. Create charts and visualizations using text and code. A security vulnerability exists in versions prior to Mermaid 8.13.8, which can be exploited by an attacker to run javascript code via a malicious chart on the machine reading the chart...

PT-2021-23984 · Mermaid · Mermaid

Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to 8.13.8 Description: Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Malicious diagrams can run javascript...

Huawei WS318n 跨站脚本漏洞

Huawei WS318n is a router from Huawei China.The Huawei WS318n product suffers from a cross-site scripting vulnerability in the network settings interface, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute...

Cross site scripting

Reflected Cross Site Scripting XSS in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes...

CVE-2021-45425

SAFARI Montage 8.3 and 8.5 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. The CVE description indicates the flaw allows an attacker to have a victim’s browser execute JavaScript code, typically via a crafted URL parameter. Connected sources reference PoCs and exploits demon...

Cross-site Scripting (XSS)

ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in parse function of AjaxPro/core.js in when parsing json input which allows a malicious attacker to inject and execute arbitrary javascript...

The vulnerability of the “Holiday reason” parameter in the online event booking system SourceCodester, which allows a perpetrator to execute JavaScript commands on behalf of a user on the web server

The vulnerability of the “Holiday reason” parameter in the online event booking system SourceCodester exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute JavaScript commands on behalf of a user on the web...

Delta Electronics DIAEnergie 跨站脚本漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...

CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed when the injected content...