UBUNTU-CVE-2021-39906

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...

UBUNTU-CVE-2021-22260

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...

PT-2021-22753 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.5 and above Description: The issue arises from improper validation of ipynb files, allowing an attacker to execute arbitrary JavaScript code on the victim's behalf. This enables the attacker to perform actions as the...

Oracle Linux 7 : firefox (ELSA-2021-4116)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4116 advisory. 91.3.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.j...

CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

Design/Logic Flaw

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress WP Sitemap Page plugin has a cross-site scripting vulnerability in versions prior to 1.7.0, which stems from ...

WordPress 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

WordPress YouTube plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress YouTube plugin before version 1.4 has a cross-site scripting vulnerability that stems from a lack of checksum filtering ...

GHSA-JVJP-VH27-R9H5 Cross-site Scripting in PiranhaCMS

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Cross-site Scripting in PiranhaCMS

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Redis Labs Redis 跨站脚本漏洞

Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A cross-site scripting vulnerability exists in ASRedis versions prior to 0.5, which can be exploited ...

Shopware 跨站脚本漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware in versions prior to 5.7.6 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept - I downloaded this module...

GHSA-W7X8-CQ7R-G5G9 Cross Site Scripting in Microweber

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

CVE-2021-25977

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Design/Logic Flaw

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

CVE-2021-25977 Piranha CMS - Stored XSS in Page Title

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

CVE-2021-25977 Piranha CMS - Stored XSS in Page Title

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Akaunting 跨站脚本漏洞

Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...