WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Chained Quiz plugin 1.2.7.2 previously contained a cross-site scripting vulnerability that stemme...

openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...

CVE-2021-42044

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...

Design/Logic Flaw

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

CVE-2021-42041

CVE-2021-42041 affects MediaWiki CentralAuth up to version 1.36.2, where the rightsnone message was not properly sanitized. This allows injection and execution of HTML/JavaScript via the setchange log, enabling a potential cross-site scripting vector. The CVSS metrics indicate a Network attack ve...

CVE-2021-42044

**CVE-2021-42044 (MediaWiki)FFECT: The issue affects the Mentor dashboard in the GrowthExperiments extension up to MediaWiki 1.36.2, where specific mentor- and mentee-related Messages (e.g., add-filter-total-edits, info-text, info-legend, active-ago) were not properly sanitized. This allows injec...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that allows injection and execution of HTML and...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in Special:MediaSearch in MediaWiki's MediaSearch extension, whic...

UBUNTU-CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

Cross-site Scripting (XSS) - Generic in snipe/snipe-it

Description At File Uploads allows for arbitrary execution of JavaScript Step to Reproduct XSS at filename Goto detail of one asset At tab File choose to upload file with filename contain payload: file'name XSS when upload file .svg In list file types are allowed don't have file .svg Goto detail ...

openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:1334-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1334-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...

IceHrm 跨站脚本漏洞

IceHrm is a human resource management Hrm system that includes features such as employee management, leave management, and payroll. The system includes functions such as employee management, leave management and payroll management.IceHrm has security vulnerabilities on several pages that could be...

PYSEC-2021-350

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...

CVE-2021-25963 Shuup - Reflected XSS in Error Page

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...

CVE-2021-40711 Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they...

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

CVE-2021-39307

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...

PDFTron WebViewer 跨站脚本漏洞

PDFTron WebViewer is an avaScript PDF library from PDFTron Canada for all browsers, frameworks and mobile devices with no server-side dependencies. Supports PDF, MS Office, CAD and more than 30 formats. A cross-site scripting vulnerability exists in PDFTron WebViewer UI 8.0 and prior versions,...

Cross site scripting

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...