2167 matches found
PT-2022-5956 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier. Description: The issue is a reflected Cross-Site Scripting (XSS) vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page, allowing...
PT-2022-5997 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier. Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page,...
Cross-site Scripting (XSS)
thinkcmf/thinkcmf is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to insufficient sanitization of the slideshow management section, which allows an attacker to inject and execute malicious JavaScript into the system...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to cross-site scripting. The vulnerability exists due to insufficient sanitization of user-supplied data in the user group management feature, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to cross-site scripting. The vulnerability exists due to insufficient sanitization of user-supplied data in the permission settings feature which allows an attacker to inject and execute malicious JavaScript on the victim's browser...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to cross-site scripting. The vulnerability exists when the management system is used by an unspecified number of users which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
spatie/browsershot is vulnerable to cross-site scripting. The vulnerability exists due to the lack of file:// validation in the HTML content of Browsershot.php, which allows a remote attacker to inject and execute malicious JavaScript into the system...
baserCMS Cross-Site Scripting Vulnerability
baserCMS is an enterprise-level content management system (CMS) from the baserCMS team. A cross-site scripting vulnerability exists in baserCMS 4.7.1 and earlier versions, which can be exploited by an attacker to execute malicious JavaScript code that may alter the display of a page or disclose...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the user-supplied input for field.class.php and helper.php which allows a remote attacker to inject and execute malicious JavaScript into the system...
Cross-site Scripting (XSS)
silverstripe/versioned-admin is vulnerable to cross-site scripting. The vulnerability exists in the Value function of DiffField.php due to non-HTML fields in diff, which allows an attacker to inject and execute malicious JavaScript via compare mode...
Cross-Site Scripting (XSS)
activemq is vulnerable to cross-site scripting attacks. The vulnerability exists in message.jsp in the web-based administration console, which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
kiwitcms is vulnerable to cross-site scripting. The vulnerability exists in the diffobjects function in history.py due to lack of validation of the store values, which allows a remote attacker to inject and execute malicious JavaScript into the system...
Moodle Cross-Site Scripting Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.9.0 and later, 3.9.18 and earlier, 3.11.0 and later, 3.11.11 and...
DOM-based Cross-site Scripting (DXSS) Vulnerability
Description: Two CalendarXP products have a DXSS vulnerability in common parts of their HTML files. CalendarXP FlatCalendarXP through 10.0.1 has a DXSS vulnerability in iflateng.htm and nflateng.htm, and CalendarXP PopCalendarXP through 10.0.1 has a DXSS vulnerability in ipopeng.htm and npopeng.htm. Proof of...
GHSA-HF94-8MX5-2VVJ Cross-site Scripting in kiwitcms
A stored XSS in a kiwi Test Plan can run malicious JavaScript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-admin-ui is vulnerable to cross-site scripting. The vulnerability exists because the admin privileges are not properly handled when editing content types, which allows an attacker to inject and execute malicious JavaScript in the content type entries...
Cross-site Scripting (XSS)
librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the map items in print-alert-rules.php, which allows a remote attacker to inject and execute malicious JavaScript into the system...
CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi
A stored XSS in a kiwi Test Plan can run malicious JavaScript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...
CVE-2022-4105
CVE-2022-4105 refers to a stored XSS in Kiwi TCMS’s kiwi Test Plan. The vulnerability allows attacker-supplied JavaScript to execute in the context of the application, potentially enabling a chained HTML injection that can perform a UI redressing attack (clickjacking) and an HTML injection that d...