4 matches found
Cross-Site Scripting (XSS)
Keycloak Core is vulnerable to reflected cross-site scripting. The vulnerability exists via the POST http requests due to lack of escaping which allows a malicious attacker to inject and execute arbitrary javascript...
CVE-2021-36702
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...
CVE-2021-36702
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...
NextApp Echo < 2.1.1 XML Injection Vulnerability
No description provided by source. SEC Consult Security Advisory 20090305-0 ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2...