5 matches found
jsPDF Injection Vulnerability
jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.1.0 had an injection vulnerability. This vulnerability stemmed from the first parameter of the addMetadata function, allowing users to inject arbitrary XML, which could potentially...
CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. Versions of eLabFTW before 4.1.0 allow attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in the HTTP Cookie header. This issue has been addressed by implementing...
OpenCart Cross-Site Scripting Vulnerability
OpenCart is an open source e-commerce system by the Chinese OpenCart team. The system provides modules for product reviews, product ratings, and product additions. A cross-site scripting vulnerability exists in OpenCart versions prior to 4.1.0. An attacker can exploit this vulnerability to modify...
Xibo CMS Security Vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS versions prior to 4.1.0 are vulnerable to a cross-site scripting attack that allows authorized users to execute JavaScript via the DataSet function...
PT-2021-19960 · Zstack · Z-Stack
Name of the Vulnerable Software and Affected Versions:
ZStack versions prior to 3.8.21
ZStack versions prior to 3.10.8
ZStack versions prior to 4.1.0
Description: ZStack is open source IaaS software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs...