Lucene search
5942 matches found

CNNVD
added 2021/01/29 12:0 a.m. | 5 views

Hitachi Vantara Pentaho Cross-Site Scripting Vulnerability

Pentaho is Business Intelligence (BI) software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load (ETL) capabilities. A reflected cross-site scripting vulnerability exists in the 'type' attribute of the 'dashboardXml' paramete...

5.4 CVSS | 6.2 AI score | 0.0062 EPSS
Exploits 0 | References 3

CNNVD
added 2021/01/27 12:0 a.m. | 5 views

Sourceforge PhpGACL Cross-Site Scripting Vulnerability

Sourceforge PhpGACL is a pluggable PHP- and MySQL-based platform used to provide access control for platforms organized by Sourceforge. A cross-site scripting vulnerability exists in phpGACL 3.3.7, which stems from a specially designed HTTP request that could lead to arbitrary JavaScript execution...

9.6 CVSS | 6.9 AI score | 0.77745 EPSS
Exploits 1 | References 2

CNNVD
added 2021/01/27 12:0 a.m. | 3 views

Revive Adserver Cross-Site Scripting Vulnerability

Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in userlog-index.php in Revive Adserver...

6.1 CVSS | 6.4 AI score | 0.22064 EPSS
Exploits 2 | References 5

Talos
added 2021/01/27 12:0 a.m. | 65 views

phpGACL template multiple cross-site scripting vulnerabilities

Summary: Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions: phpGACL 3.3.7, OpenEMR 5.0.2...

9.6 CVSS | 6.7 AI score | 0.77745 EPSS
Exploits 3

OSV
added 2021/01/26 10:15 p.m. | 2 views

CVE-2020-23774

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed...

6.1 CVSS | 6.4 AI score | 0.00605 EPSS
Exploits 1 | References 1

CNNVD
added 2021/01/26 12:0 a.m. | 3 views

Wing FTP Cross-Site Scripting Vulnerability

Wing FTP Server is a cross-platform FTP server software. A cross-site scripting vulnerability exists in Wing FTP version 6.4.4, where an arbitrary IFRAME element can be included in a help page via a specially crafted link, which can be exploited by an attacker to execute sandbox arbitrary HTML an...

6.1 CVSS | 6.4 AI score | 0.05626 EPSS
Exploits 1 | References 3

OSV
added 2021/01/11 2:15 p.m. | 19 views

CVE-2020-23849

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...

6.1 CVSS | 6 AI score
Exploits 0 | References 1

Prion
added 2021/01/11 2:15 p.m. | 19 views

Cross site scripting

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...

4.3 CVSS | 5.9 AI score | 0.00692 EPSS
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2021/01/07 12:0 a.m. | 3 views

krpano Panorama Viewer Cross-Site Scripting Vulnerability

krpano Panorama Viewer is a software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in Krpano Panorama Viewer in...

6.1 CVSS | 6.5 AI score | 0.01015 EPSS
Exploits 1 | References 2

OSV
added 2021/01/06 9:15 p.m. | 3 views

DEBIAN-CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1 CVSS | 6.2 AI score | 0.70717 EPSS
Exploits 1 | References 1

Hacker One
added 2021/01/06 9:28 a.m. | 34 views

U.S. Dept Of Defense: Stored XSS through name / last name on https://██████████/

Description: There is stored XSS Vulnerability on https://█████/██████ by rendering unsafe input being registered on the account name and last name. ███ Step-by-step Reproduction Instructions 1. Navigate to javascript...

0.4 AI score
Exploits 0

CNVD
added 2021/01/06 12:0 a.m. | 1 views

Korzio Djv Command Injection Vulnerability

Korzio Djv is JavaScript-based software from the individual developer Korzio, used to dynamically validate the JSON data format. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...

10 CVSS | 7.7 AI score | 0.02996 EPSS
Exploits 1 | References 1

CNVD
added 2021/01/04 12:0 a.m. | 2 views

LimeSurvey cross-site scripting vulnerability (CNVD-2021-00893)

LimeSurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in the "Quota" component of the "Survey" page in LimeSurvey 3.21.1. An attacker can exploit this...

5.4 CVSS | 6.4 AI score | 0.00697 EPSS
Exploits 1 | References 1

CNVD
added 2020/12/31 12:0 a.m. | 2 views

Dell EMC Unisphere for PowerMax Cross-Site Scripting Vulnerability

Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays from Dell. A cross-site scripting vulnerability exists in Dell EMC Unisphere for PowerMax, which can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code ...

6.3 CVSS | 6.2 AI score | 0.00617 EPSS
Exploits 0 | References 1

CNNVD
added 2020/12/31 12:0 a.m. | 4 views

LimeSurvey Cross-Site Scripting Vulnerability

LimeSurvey is an open source online questionnaire program with many functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in the "Quota" component of the "Survey" page in LimeSurvey 3.21.1. An attacker can exploit this...

5.4 CVSS | 5.7 AI score | 0.00697 EPSS
Exploits 1 | References 2

CNNVD
added 2020/12/21 12:0 a.m. | 6 views

Dell EMC Unisphere for PowerMax Cross-Site Scripting Vulnerability

Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays from Dell. A cross-site scripting vulnerability exists in Dell EMC Unisphere for PowerMax, which can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code ...

6.3 CVSS | 6 AI score | 0.00617 EPSS
Exploits 0 | References 3

Hacker One
added 2020/12/19 10:14 a.m. | 15 views

U.S. Dept Of Defense: Reflected XSS on ███████

Summary Reflected XSS on ████████. Description During my explorations I found █████████/search/node, which provides a basic search functionality. If we search something, the value is reflected and not properly sanitized. For example if we search ██████████/search/node/chron0x we can see in the...

6 AI score
Exploits 0

CNVD
added 2020/12/18 12:0 a.m. | 2 views

F5 BIG-IP APM Cross-Site Scripting Vulnerability (CNVD-2020-73172)

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A cross-site scripting vulnerability exists in F5 BIG-IP APM, which can be exploited by an attacker to trigger cross-site scripting via the...

6.1 CVSS | 6.2 AI score | 0.00634 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2020/12/18 12:0 a.m. | 4 views

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9 CVSS | 5.9 AI score | 0.01758 EPSS
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/12/18 12:0 a.m. | 4 views

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9 CVSS | 8.1 AI score | 0.02809 EPSS
Exploits 0 | References 3