The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to trigger cross-site scriptin...
F5 Networks BIG-IP : XSS vulnerability (K19166530)
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (CVE-2020-27719). Impact: An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. When successfully exploiting this vulnerability in the...
CVE-2019-14478
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...
Code injection
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...
The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser through a specially created websi...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2021-02377)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Amazon Linux 2 : thunderbird (ALAS-2020-1572)
The version of thunderbird installed on the remote host is prior to 78.4.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1572 advisory. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present...
Systran Pure Neural Server Cross-Site Scripting Vulnerability
Systran Pure Neural Server is a Web platform product for document translation from Systran, Germany. A cross-site scripting vulnerability previously existed in Systran Pure Neural Server 9.7.0, which stemmed from a cross-site scripting (XSS) issue in WebUI Translation that allowed a threat actor to...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using a specially crafted...
The vulnerability of Adobe Connect’s instant messaging program lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code in the user’s browser.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
Cross-Site Scripting (XSS)
html-purify is vulnerable to cross-site scripting. The data attribute inside object tags is not properly sanitized and allows execution of JavaScript via malicious URIs...
CVE-2020-15249
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...
CVE-2020-15249
CVE-2020-15249 applies to October CMS: backend file upload allowed SVGs without sanitization in versions before 1.0.469 (and 1.0.x), enabling potential stored XSS via uploaded SVG content. The issue’s root cause is lack of SVG sanitization in the Media upload feature; the backend displays SVGs as...
Dell EMC RSA Archer Injection Vulnerability
Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in Dell EMC RSA Archer versions 6.8...
CVE-2020-25798
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the...
The vulnerability of the Marketo Sales Insight Salesforce automated marketing software package lies in the lack of measures to cleanse input data, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the Marketo Sales Insight Salesforce automated marketing software package is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary JavaScript code...
U.S. Dept Of Defense: Reflected Xss in [██████]
Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact: An attacker could execute arbitrary JavaScript, and perform malicious actions! Step-by-step Reproduction Instructions: 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...
PYSEC-2020-241
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...