Cross-Site Scripting (XSS)

wagtail is vulnerable to cross-site scripting. Lack of proper escaping of HTML in Wagtail StreamField blocks CharBlock , TextBlock or a similar user-defined block derived from FieldBlock allows a user with ability to author StreamField content to inject and execute arbitrary Javascript in a user'...

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss bug using file upload against admin . 💥 SUMMURY Here trudesk only allow to upload image file but it can be bypassed and attacker can upload html file . As html file can serve any javascript code ,so attacker can execute any javascript code in vicitm trudesk account . 💥 IMPACT low...

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server

💥 BUG Stored xss bug against admin . 💥 TESTED VERSION v2021.3.6 💥 IMPACT lower level user can make xss attack against admin . Using xss bug attacker can execute arbitary javascript in victim account .\ Thus lower level user can execute arbitary javascript in admin account using this xss and can...

PT-2021-19882 · Rabbitmq +5 · Rabbitmq +5

Name of the Vulnerable Software and Affected Versions: RabbitMQ versions prior to 3.8.17 Description: The issue concerns a potential JavaScript code execution in the context of the page when a new user is added via the management UI. This occurs due to insufficient sanitization of the tag in the...

APSB21-39 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM. These updates resolve vulnerabilities rated Important and moderate. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...

CVE-2020-35973

An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php...

CVE-2020-35973

An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php...

Netgate pfSense CE 跨站脚本漏洞

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. Netgate pfSense CE suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripting via pfSense in order to run JavaScript code in the context of a websit...

Cross-Site Scripting (XSS)

tinymce is vulnerable to cross-site scripting XSS. A vulnerability in the URL sanitization logic of the core parser for form elements allows arbitrary JavaScript execution when inserting malicious content into the editor using the clipboard or APIs, and then submitting the form...

Cross-Site Scripting

Overview There is an XSS vulnerability in tinymce before version 5.7.1. Impact A cross-site scripting XSS vulnerability was discovered in the URL sanitization logic of the core parser for form elements. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted...

GLPi Cross-Site Scripting Vulnerability (CNVD-2021-40317)

GLPI is a free asset and IT management software package that provides ITIL service desk functionality, license tracking and software auditing. A cross-site scripting vulnerability exists in GLPi version 9.5.4. The vulnerability stems from GLPi unvalidated metadata. An attacker can exploit the...

CVE-2021-3486

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...

Plone cross-site scripting vulnerability (CNVD-2021-37279)

Plone is a foreign open source CMS system suitable for enterprise-level applications. A cross-site scripting vulnerability exists in the user full name attribute and file upload functionality in Plone CMS versions prior to 5.2.4. The vulnerability stems from user input that is not properly encode...

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

GitLab: Clipboard DOM-based XSS

Summary A clipboard DOM-based XSS exists on several Markdown text fields. Technical details The app/assets/javascripts/behaviors/markdown/copyasgfm.js file is used to get and set GFM GitHub Flavored Markdown data on the clipboard on different parts of the GitLab application. If a user copies data...

Cross-site Scripting (XSS) - Reflected in thecoshman/http

✍️ Description The web server is vulnerable to Cross-site scripting. An attacker can host a file with an XSS payload as the file name. When a user visits the web server address, the javascript will be executed in the browser. This is due to improper sanitization. 🕵️‍♂️ Proof of Concept - Create a...

APSB21-15 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM. These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...

Arbitrary JavaScript Execution

Overview There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get method, your project is vulnerable to this injection-style vulnerability. Recommendation Upgrade...

Apple iOS 资源管理错误漏洞

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS, which could allow an attacker executing JavaScript to execute arbitrary code. The following products and versions are affected: iPhone 6s and later, iPad Pro all models, iPad...