2167 matches found
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the fldTabHtml and fldFieldSelectorsHtml functions of Cp.php do not properly encode the tab and groupName parameters, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted CSV file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
Cross site scripting
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted CSV file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
Cross-Site Scripting (XSS)
typo3/cms and typo3/html-sanitizer are vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable typo3/html-sanitizer dependency used in composer.json, which does not properly sanitize sequences with special HTML comments, allowing an attacker to inject and execute malicio...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager contains a cross-site scripting vulnerability that could be exploited by attackers to execute malicious JavaScript content in the...
PT-2022-5087 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.13.0 and earlier. Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this by convincing a victim to visit a specially crafted URL referencing...
SQL Injection
cruddl is vulnerable to SQL injection attacks. The vulnerability exists because of missing sanitization in the query function in arangodb-adapter.ts, which allows a remote attacker to inject and execute malicious JavaScript in the system...
CVE-2022-37731
ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing...
wikmd Cross-Site Scripting Vulnerability
wikmd is a file-based wiki for individual developers of linbreux. A cross-site scripting vulnerability exists in versions of wikmd prior to 1.7.1, which originates from an attacker being able to capture a user's session cookie or execute malicious JavaScript while the victim is editing a markdown...
PT-2022-23169 · Wikmd · Wikmd
Name of the Vulnerable Software and Affected Versions: Wikmd versions prior to 1.7.1. Description: The issue allows an attacker to capture a user's session cookies or execute malicious JavaScript when a victim edits a markdown file. Recommendations: For versions prior to 1.7.1, update to version...
Cross-site Scripting (XSS)
francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the FileExtensionWhiteList function in FileUpload.fnc.php does not restrict unsanitized SVG files from being injected, which allows an attacker to execute malicious JavaScript and steal...
Cross-site Scripting (XSS)
x-data-spreadsheet is vulnerable to cross-site scripting. The vulnerability exists due to the missing sanitization of values inserted into the cells, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
getkirby/cms is vulnerable to Cross-site Scripting (XSS). The use of the v-html tag in MultiselectInput.vue allows an attacker to inject and execute malicious JavaScript through the dynamic options in the multi-select field...
Cross-site Scripting (XSS)
keycloak-wildfly-adduser is vulnerable to cross-site scripting. The vulnerability exists due to lack of escape in Add use parameter, which allows a remote attacker to inject and execute malicious JavaScript into the system...
PT-2022-23925 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.11 P3 (6.11.0.3). Description: The issue allows a remote unauthenticated malicious user to potentially exploit a reflected XSS vulnerability by tricking a victim application user into supplying malicious...
Cross-site Scripting (XSS)
artemis-plugin is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the address and queue attributes in the ConsumersController function of consumers.js, allowing an attacker to show malicious content or redirect to malicious URLs in the web console b...