MarkText 跨站脚本漏洞

MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...

GROWI 及更早跨站脚本漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A security vulnerability in GROWI v4.2.19 and earlier versions, which stems from insufficient tag cleanup, allows remote attackers to execute arbitrary scripts on the web browsers of users accessing...

PT-2021-19681 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle version 3.10.3 Description: The issue allows remote attackers to execute arbitrary web script or HTML via the Description field, which is a Cross Site Scripting XSS issue. Recommendations: For Moodle version 3.10.3, update to a newer...

safe FME Server 跨站脚本漏洞

safe FME Server is an application from safe Canada. A web data conversion application. A cross-site scripting vulnerability exists in safe FME Server that could allow a remote attacker to inject arbitrary web script or HTML code execution by modifying the username...

CVE-2020-23762

Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...

OESA-2021-1068 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

CuteSoft Cute Editor Cross-Site Scripting Vulnerability

CuteSoft Cute Editor is a U.S. CuteSoft company can be used to edit PHP and ASP HTML editor. A cross-site scripting vulnerability exists in Cute Editor for ASP.NET version 6.4, which allows remote attackers to execute scripts in the victim's web browser using specially crafted URLs...

DELL Dell EMC iDRAC9 Cross-Site Scripting Vulnerability

DELL Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A cross-site scripting vulnerability exists in the Dell EMC iDRAC9 version 4.32.10.00 a...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

Cisco Vision Dynamic Signage Director Web Management Interface Cross-Site Scripting Vulnerability

Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution from Cisco USA. A cross-site scripting vulnerability exists in the Web management interface in Cisco Vision Dynamic Signage Director versions prior to 6.2 SP5, which stems from the program failing to properly...

RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)

RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...

PT-2020-2159 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

PT-2020-2194 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications lies in insufficient encoding of user-input data, allowing attackers to execute malicious scripts.

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications is related to insufficient encoding of user-input data. Exploiting this vulnerability allows a malicious actor to execute malicious scripts remotely...

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2020-02286)

Cisco Data Center Analytics Framework DCAF application is a set of data center analytics frameworks from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web management interface in Cisco Data Center Analytics Framework Releases prior to 8.3.7.5.4, which stems from...

PT-2019-18459 · Synology · Video Station

Name of the Vulnerable Software and Affected Versions: Video Station versions prior to the latest version Description: This issue allows remote attackers to inject and execute scripts on the administrator’s management console through a cross-site scripting XSS vulnerability in Video Station...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...