Cross site scripting
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields...
Cross site scripting
A persistent cross-site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field...
CVE-2021-27822
A persistent cross-site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field...
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface...
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution such...
Cross site scripting
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed...
CVE-2021-39267
CVE-2021-39267 describes a persistent cross-site scripting (XSS) vulnerability in the SuiteCRM web interface. The issue allows a remote attacker to inject arbitrary JavaScript by uploading files, due to a Content-Type Filter bypass where text/html is blocked but other types capable of executing J...
CVE-2021-39268
CVE-2021-39268: Persistent XSS in SuiteCRM web interface prior to 7.11.19. An attacker can inject arbitrary JavaScript via malicious SVG files because the clean_file_output protection can be bypassed. Impact is remote code execution of JavaScript with LOW integrity impact and no confidentiality/...
CVE-2021-3619 Rapid7 Velociraptor Notebooks Authenticated Persistent XSS
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...
CVE-2021-3619
CVE-2021-3619 affects Rapid7 Velociraptor up to version 0.5.9. It is a post-authentication persistent XSS vulnerability where an authenticated user could abuse MIME type sniffing to embed executable code via a malicious upload. The issue was fixed in version 0.6.0. Note that Velociraptor login ri...
MAC1100 PLC Denial of Service Vulnerability
The MAC1100 is an industrial control PLC. A security vulnerability exists in the MAC1100 PLC that can be exploited by an attacker to cause a persistent denial of service (DoS) via a crafted packet...
CVE-2021-38757
CVE-2021-38757 is a reported persistent cross-site scripting (XSS) vulnerability in a Hospital Management System (often referenced as PHPGurukul/Hospital Management System). The public descriptions consistently state that the XSS is targeted at the web admin via the contact.php endpoint. Exploit ...
CVE-2021-38756
CVE-2021-38756: Persistent cross-site scripting in Hospital Management System (PHPGurukul) via prescribe.php affecting web admin. Descriptions indicate the vulnerability enables execution of JavaScript through input on prescribe.php; root cause not explicitly stated in provided documents. CVSS sc...
CVE-2021-38757
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. Recent assessments: nu11secur1ty at August 17, 2021 2:20pm UTC reported: XSS-Stored PHPSESSID user PWNED on Hospital Management System. Vulnerable parameter "txtMsg" on contact...
CVE-2020-18757
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DoS) via a crafted packet...
CVE-2020-18757
The CVE-2020-18757 entry concerns Dut Computer Control Engineering Co.'s MAC1100 PLC. Affected component: MAC1100 PLC; vulnerability type: denial of service; root cause described as a crafted packet that allows an attacker to cause a persistent DoS condition. Across connected sources (Red Hat adv...
389-ds:1.4 security and bug fix update
1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...
CVE-2021-0083
Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access...
CVE-2021-3539
CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...