SUSE CVE-2010-3773

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

SUSE CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

SUSE CVE-2017-12061

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

CVE-2022-4286

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

Tasmota 跨站脚本漏洞

Tasmota is a replacement firmware for the ESP8266 with easy configuration using the webUI, OTA updates, automation using timers or rules, scalability, and full local control over MQTT, HTTP, serial or KNX. A security vulnerability exists in Tasmota firmware version 6.5.0 that could allow a remote...

DEBIAN-CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

CVE-2022-43754

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed...

GHSA-43XG-8WMJ-CW8H Apache Spark vulnerable to Log Injection

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

Ragic 跨站脚本漏洞

Ragic is a No Code enterprise e-enablement tool from China Immediate Technology Ragic. A cross-site scripting vulnerability exists in versions of Ragic prior to 2022/06/28, which stems from insufficient filtering of special characters on the report generation page and can be exploited by a remote...

CVE-2022-40178

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

PT-2022-24263 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions prior to 10.8.1 Description: The issue allows a remote attacker to potentially execute arbitrary JavaScript code in a victim's browser by convincing the user to click on a crafted link. This is due to a reflect...

Mozilla Firefox 安全特征问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security feature issue vulnerability exists in Mozilla Firefox versions 92.0 through 98.0.2, which stems from an error that allows the element of SVG to load unexpected content and execute it under...

F-secure F-Secure SAFE 跨站脚本漏洞

F-Secure F-Secure SAFE is a suite of antivirus software from the Finnish company F-Secure F-secure.F-Secure SAFE Browser for Android is vulnerable to cross-site scripting, which can be exploited by attackers to remotely execute JavaScript and trigger generic cross-site scripting through the brows...

欣学英资讯 webopac7 跨站脚本漏洞

XinXueYing Info Webopac7 is an online public access catalog of China XinXueYing Info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability exists in XinXueYing Info webopac7, which originates from a book search field parameter that does not...

UBUNTU-CVE-2021-39906

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...

GHSA-93C4-VF86-3RJ7 Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

Design/Logic Flaw

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

Delta Electronics DiaLink 跨站脚本漏洞

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

CVE-2021-41563

Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVE-2021-3043

A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...