
7654 matches found

CVE
added 2021/12/28 1:15 p.m., 52 views

CVE-2021-45903

A persistent cross-site scripting (XSS) vulnerability in SuiteCRM’s web interface enables remote injection of arbitrary JavaScript via attachments upload. Affected versions are SuiteCRM before 7.10.35, and 7.11.x, and 7.12.x before 7.12.2. Root cause involves inadequate input handling/sanitizatio...

6.1 CVSS, 5.8 AI score, 0.01121 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2021/12/23 8:15 p.m., 22 views

CVE-2019-8702

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier...

5.5 CVSS, 0.0024 EPSS
Exploits 0, References 3

OSV
added 2021/12/23 8:15 p.m., 4 views

CVE-2019-8702

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier...

5.5 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 0, References 3

Prion
added 2021/12/23 8:15 p.m., 20 views

Design/Logic Flaw

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier...

2.1 CVSS, 4.2 AI score, 0.0024 EPSS
Exploits 0, References 3, Affected Software 3

The Hacker News
added 2021/12/16 6:24 a.m., 156 views

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to...

10 CVSS, 1 AI score, 0.99999 EPSS
Exploits 349

Vulnerability Lab
added 2021/12/15 12:0 a.m., 159 views

uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities

Document Title: uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2288
Release Date: 2021-12-15
Vulnerability Laboratory ID (VL-ID): ...

0.3 AI score
Exploits 0

Prion
added 2021/12/14 6:15 p.m., 20 views

Cross site scripting

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containi...

3.5 CVSS, 5.3 AI score, 0.00455 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/12/14 5:50 p.m., 18 views

CVE-2021-44043

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containi...

5.5 AI score, 0.00455 EPSS
Exploits 0, References 2

CVE
added 2021/12/14 5:50 p.m., 46 views

CVE-2021-44043

UiPath App Studio 21.4.4 is affected by a persistent cross-site scripting (XSS) vulnerability in the file-upload functionality used for app icon uploads. An attacker with minimal privileges can upload a malicious file and, by altering the MIME type in a subsequent request, cause the payload to be...

5.4 CVSS, 5.3 AI score, 0.00455 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2021/12/07 5:15 p.m., 19 views

CVE-2021-37071

There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent dos...

7.5 CVSS, 0.00655 EPSS
Exploits 0, References 1

Prion
added 2021/12/07 5:15 p.m., 18 views

Spoofing

There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent dos...

5 CVSS, 7.5 AI score, 0.00655 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/12/07 4:3 p.m., 22 views

CVE-2021-37071

There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent dos...

7.7 AI score, 0.00655 EPSS
Exploits 0, References 1

CNVD
added 2021/12/07 12:0 a.m., 18 views

Kentico Cross-Site Scripting Vulnerability (CNVD-2022-06913)

Kentico is an ASP.NET-based content management system CMS from Kentico, Inc. A security vulnerability exists in Kentico Xperience CMS, which stems from the fact that Kentico Xperience CMS version 13.0 – 13.0.43 is prone to a persistent cross-site scripting XSS vulnerability also known as stored or...

6.8 CVSS, 3.8 AI score, 0.00545 EPSS
Exploits 1, References 1

Prion
added 2021/12/03 3:15 p.m., 13 views

Cross site scripting

The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting XSS vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous...

3.5 CVSS, 5.4 AI score, 0.00545 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2021/12/03 2:42 p.m., 41 views

CVE-2021-43991

CVE-2021-43991 affects Kentico Xperience CMS, version 13.0–13.0.43, with a persistent (stored/second‑order) XSS vulnerability. The public description notes that attacker‑supplied script content stored by the app can be retrieved and executed by other users, enabling attacks such as session hijack...

6.8 CVSS, 5.5 AI score, 0.00545 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2021/12/03 2:42 p.m., 12 views

CVE-2021-43991 Persistent XSS via Avatar Upload in Kentico Xperience CMS

The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting XSS vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous...

6.8 CVSS, 6.2 AI score, 0.00545 EPSS
Exploits 1, References 1

CNNVD
added 2021/12/03 12:0 a.m., 3 views

Kentico Cross-Site Scripting Vulnerability

Kentico is an ASP.NET-based content management system CMS from Kentico, Inc. A security vulnerability exists in Kentico Xperience CMS, which stems from the fact that Kentico Xperience CMS version 13.0 – 13.0.43 is prone to a persistent cross-site scripting XSS vulnerability also known as stored or...

6.8 CVSS, 5.3 AI score, 0.00545 EPSS
Exploits 1, References 2

CVE
added 2021/11/30 11:28 a.m., 40 views

CVE-2021-42119

CVE-2021-42119 describes a persistent cross-site scripting vulnerability in Business-DNA Solutions GmbH TopEase platform (version ≤ 7.1.27) exposed through the Search Functionality. The issue arises when authenticated users with Object Modification privileges can inject arbitrary HTML/JavaScript ...

7.3 CVSS, 5.6 AI score, 0.00513 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2021/11/19 4:15 p.m., 17 views

Cross site scripting

The “WPO365 | LOGIN” WordPress plugin up to and including version 15.3 by wpo365.com is vulnerable to a persistent Cross-Site Scripting XSS vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data...

4.3 CVSS, 6 AI score, 0.00937 EPSS
Exploits 2, References 2, Affected Software 1

Cvelist
added 2021/11/19 3:39 p.m., 31 views

CVE-2021-43409 WPO365 | LOGIN - WordPress Plugin Persistent Cross-Site Scripting

The “WPO365 | LOGIN” WordPress plugin up to and including version 15.3 by wpo365.com is vulnerable to a persistent Cross-Site Scripting XSS vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data...

9.3 CVSS, 8 AI score, 0.00937 EPSS
Exploits 2, References 2