
5947 matches found

NVD · added 2021/09/14 6:15 p.m. · 12 views

CVE-2021-23037

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...

CVSS 9.6 · EPSS 0.00797
Exploits: 0 · References: 1
Prion · added 2021/09/14 6:15 p.m. · 14 views

Cross site scripting

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...

CVSS 4.3 · AI score 8.1 · EPSS 0.00797
Exploits: 0 · References: 1 · Affected Software: 11
CNNVD · added 2021/09/10 12:0 a.m. · 3 views

Plesk Obsidian Cross-Site Scripting Vulnerability

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability in Plesk Obsidian versions 18.0.0 through 18.0.32 allows an attacker to execute JavaScript code in a victim's browser by using a link to preview a site hosted on the server...

CVSS 6.1 · AI score 6.5 · EPSS 0.01112
Exploits: 1 · References: 4
Snyk · added 2021/09/08 5:3 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: pekeupload is a jQuery plugin that allows you to easily add multiple or single file upload functionality to your website. This plugin uses HTML5 only. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If an attacker induces a user to upload a file whose name...

CVSS 6.1 · AI score 5.5 · EPSS 0.00813
Exploits: 1 · References: 2
NVD · added 2021/09/08 3:15 p.m. · 14 views

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

CVSS 9.8 · EPSS 0.02087
Exploits: 0 · References: 3
OSV · added 2021/09/08 3:15 p.m. · 1 views

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

CVSS 9.8 · AI score 6.1 · EPSS 0.02087
Exploits: 0 · References: 3
Prion · added 2021/09/08 3:15 p.m. · 14 views

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

CVSS 7.5 · AI score 8.3 · EPSS 0.02087
Exploits: 0 · References: 3 · Affected Software: 4
Cvelist · added 2021/09/08 2:48 p.m. · 21 views

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code...

AI score 8.7 · EPSS 0.02087
Exploits: 0 · References: 3
CVE · added 2021/09/08 2:48 p.m. · 76 views

CVE-2021-1864

CVE-2021-1864 is a use-after-free vulnerability that was addressed with improved memory management. It affected Apple platforms and was fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, and tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. The connected documen...

CVSS 9.8 · AI score 8.3 · EPSS 0.02087
Exploits: 0 · References: 3 · Affected Software: 4
Positive Technologies · added 2021/09/07 12:0 a.m. · 3 views

PT-2021-30879 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.1 and below; FortiOS versions 6.2.9 and below. Description: The issue allows a remote unauthenticated attacker to either redirect users to malicious websites via a crafted Host header or to execute JavaScript code in the...

CVSS 6.1 · AI score 6.7 · EPSS 0.00356
Exploits: 0 · References: 8
Huntr · added 2021/09/06 12:48 p.m. · 9 views

Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

✍️ Description: stored XSS bug via link in store. 🕵️‍♂️ Proof of Concept: 1. Go to https://mainnet.demo.btcpayserver.org/stores and create a store. 2. Now open that store using URL https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...

AI score 0.5
Exploits: 0
CNNVD · added 2021/09/03 12:0 a.m. · 7 views

Gibbon Cross-Site Scripting Vulnerability

Gibbon is a school platform that solves real-world problems that educators encounter every day. A cross-site scripting vulnerability exists in Gibbon application version 22 that allows arbitrary execution of JavaScript code...

CVSS 6.1 · AI score 6.2 · EPSS 0.02279
Exploits: 0 · References: 3
Huntr · added 2021/08/31 8:4 p.m. · 11 views

Cross-site Scripting (XSS) - DOM in forkcms/forkcms

✍️ Description: The underlying library needs to get the charset in lowercase, but Fork is passing it in uppercase, causing some of the XSS protections to fail. 🕵️‍♂️ Proof of Concept: Go to...

AI score 1.8
Exploits: 0
NVD · added 2021/08/31 4:15 a.m. · 11 views

CVE-2020-13639

A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECTProvider/, such that when the content is viewed it can only be...

CVSS 6.1 · EPSS 0.00821
Exploits: 0 · References: 2
Cvelist · added 2021/08/31 3:56 a.m. · 12 views

CVE-2020-13639

A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECTProvider/, such that when the content is viewed it can only be...

AI score 6.1 · EPSS 0.00821
Exploits: 0 · References: 2
NVD · added 2021/08/24 7:15 p.m. · 18 views

CVE-2021-30975

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox...

CVSS 8.6 · EPSS 0.01801
Exploits: 0 · References: 3
NVD · added 2021/08/24 7:15 p.m. · 17 views

CVE-2021-30969

A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk...

CVSS 9.3 · EPSS 0.01102
Exploits: 0 · References: 2
OSV · added 2021/08/24 7:15 p.m. · 1 views

CVE-2021-30969

A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk...

CVSS 7.8 · AI score 5.9
Exploits: 0 · References: 2
OSV · added 2021/08/24 7:15 p.m. · 1 views

CVE-2021-30862

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution...

CVSS 6.1 · AI score 6 · EPSS 0.01797
Exploits: 1 · References: 1
ATTACKERKB · added 2021/08/24 7:15 p.m. · 2 views

CVE-2021-30862

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution...

CVSS 6.1 · AI score 5.7 · EPSS 0.01797
Exploits: 1 · References: 2