
63 matches found

CNNVD
added 2022/06/16 12:0 a.m. | 1 views

Sourcecodester Online Discussion Forum Site Cross-Site Scripting Vulnerability

Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. An online discussion forum. A cross-site scripting vulnerability exists in Sourcecodester Online Discussion Forum Site v1.0, which originates from /odfs/classes/Master.php?f=savecategory, name missing data filtering...

CVSS 4.8 | AI score 4.9 | EPSS 0.00235
Exploits 1 | References 2
CNNVD
added 2022/06/16 12:0 a.m. | 3 views

flatCore Code Injection Vulnerability

flatCore is a lightweight content management system CMS based on PHP and SQLite. A security vulnerability exists in flatCore-CMS v2.0.8, which stems from the lack of data filtering and escaping in /content/cache/activeurls.php and /content/cache/cachelastedit.php, which can be exploited by...

CVSS 8.8 | AI score 8.3 | EPSS 0.01025
Exploits 1 | References 2
CNNVD
added 2022/06/02 12:0 a.m. | 1 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates. LibreNMS v22.3.0 version contains a cross-site scripting vulnerability that originates from the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00003
Exploits 0 | References 3
CNNVD
added 2022/05/19 12:0 a.m. | 1 views

JGraph draw.io Cross-Site Scripting Vulnerability

JGraph draw.io is a configurable charting/whiteboard visualization application for JGraph. Versions prior to JGraph draw.io 18.0.4 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could explo...

CVSS 6.3 | AI score 5.9 | EPSS 0.00206
Exploits 1 | References 3
CNNVD
added 2022/05/13 12:0 a.m. | 21 views

MicroStrategy Web SDK Code Issue Vulnerability

The MicroStrategy Web SDK is a JavaScript library from MicroStrategy, Inc. Interact with different CARTO APIs to build custom applications on top of deck.gl that utilize vector rendering. A security vulnerability exists in MicroStrategy Web SDK version 11.1 and prior versions, which stems from a...

CVSS 8.1 | AI score 7.7 | EPSS 0.02198
Exploits 0 | References 6
IBM Security Bulletins
added 2022/05/05 2:55 p.m. | 33 views

Security Bulletin: IBM Guardium Data Encryption is vulnerable to missing data encoding issue (CVE-2021-39027)

Summary A vulnerability was identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39027 DESCRIPTION: IBM Guardium Data Encryption GDE prepares a structured message for communication with another component, but encoding...

CVSS 5 | AI score 1.2 | EPSS 0.00096
Exploits 0 | Affected Software 1
CNNVD
added 2022/05/02 12:0 a.m. | 2 views

Vendure Cross-Site Scripting Vulnerability

Vendure is a headless GraphQL eCommerce framework based on Node.js and Nest & TypeScript, focused on developer productivity and easy customization. Version 0.1.0-alpha.2 to 1.5.1 of Vendure is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation...

CVSS 5.4 | AI score 5.3 | EPSS 0.00206
Exploits 1 | References 4
0day.today
added 2022/04/19 12:0 a.m. | 315 views

REDCap 11.3.9 - Stored Cross Site Scripting Vulnerability

Exploit Title: REDCap 11.3.9 - Stored Cross-Site Scripting Exploit Author: Kendrick Lam References: https://github.com/KCL04/XSS-PoCs/blob/main/CVE-2021-42136.js Vendor Homepage: https://projectredcap.org Software Link: https://projectredcap.org Version: Redcap before 11.4.0 Tested on: 11.2.5 CVE...

CVSS 9 | AI score 9.3 | EPSS 0.01758
Exploits 5
CNVD
added 2022/04/15 12:0 a.m. | 15 views

REDCap Cross-Site Scripting Vulnerability (CNVD-2022-81345)

A cross-site scripting vulnerability exists in versions of REDCap prior to 11.4.0, which stems from a lack of data validation filtering of user-supplied data and output in the missing data code functionality of the program. An attacker could exploit this vulnerability to execute JavaScript code o...

CVSS 3.5 | AI score 8.2 | EPSS 0.01758
Exploits 5 | Affected Software 1
0day.today
added 2022/04/14 12:0 a.m. | 263 views

REDCap Cross Site Scripting Vulnerability

REDCap versions prior to 11.4.0 suffer from a persistent cross site scripting vulnerability that can be leveraged to escalate privileges. Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr =...

CVSS 9 | EPSS 0.01758
Exploits 5
Packet Storm
added 2022/04/14 12:0 a.m. | 300 views

REDCap Cross Site Scripting

Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr = new XMLHttpRequest; xhr.open"POST", "https://" + target + "/index.php?route=ControlCenterController:saveNewAdminPriv", true;...

AI score 9.2 | EPSS 0.01758
Exploits 5
OSV
added 2022/04/13 4:15 p.m. | 1 views

CVE-2021-42136

A stored Cross-Site Scripting XSS vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request...

CVSS 9 | AI score 6
Exploits 0 | References 3
Prion
added 2022/04/13 4:15 p.m. | 20 views

Cross site scripting

A stored Cross-Site Scripting XSS vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request...

CVSS 3.5 | AI score 8.2 | EPSS 0.01758
Exploits 5 | References 3 | Affected Software 1
Cvelist
added 2022/04/13 3:32 p.m. | 15 views

CVE-2021-42136

A stored Cross-Site Scripting XSS vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request...

AI score 8.7 | EPSS 0.01758
Exploits 5 | References 3
CVE
added 2022/04/13 3:32 p.m. | 83 views

CVE-2021-42136

Summary: CVE-2021-42136 is a stored XSS in REDCap’s Missing Data Codes functionality present in versions before 11.4.0. The vulnerability allows an attacker to store JavaScript as a Missing Data Code value, which is then executed in the victim’s browser and can be leveraged to perform a Cross-Sit...

CVSS 9 | AI score 8.4 | EPSS 0.01758
Exploits 5 | References 3 | Affected Software 1
CNNVD
added 2022/04/13 12:0 a.m. | 1 views

REDCap Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions of REDCap prior to 11.4.0, which stems from a lack of data validation filtering of user-supplied data and output in the missing data code functionality of the program. An attacker could exploit this vulnerability to execute JavaScript code o...

CVSS 9 | AI score 8.1 | EPSS 0.01758
Exploits 5 | References 6
NVD
added 2022/01/04 4:15 p.m. | 9 views

CVE-2021-40148

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933...

CVSS 7.5 | EPSS 0.00202
Exploits 0 | References 1
OSV
added 2021/12/08 3:15 p.m. | 0 views

CVE-2021-37050

There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 2
RedHat Linux
added 2020/03/31 8:15 p.m. | 2 views

ImageMagick: denial of service in cineon parsing component

The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service uncontrolled resource consumption by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00741
Exploits 1 | References 4
RedHat Linux
added 2020/03/26 3:46 p.m. | 3 views

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

CVSS 6.1 | AI score 6.6 | EPSS 0.18007
Exploits 2 | References 4