Desknets Neo Cross-Site Scripting Vulnerability

Desknets Neo is a remote office support software from Japanese company Desknets. A cross-site scripting vulnerability exists in desknets NEO, which originates from a vulnerability that allows remote attackers to inject arbitrary scripts via unspecified vectors. The following products and versions...

PT-2020-17141 · Thinkadmin · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions v1 through v6 Description: The issue allows remote attackers to inject an arbitrary web script or HTML, exploiting a stored XSS vulnerability. Recommendations: For ThinkAdmin versions v1 through v6, update to a version tha...

ThinkAdmin 跨站脚本漏洞

ThinkAdmin is a backend administration framework developed based on the latest ThinkPHP V6 , using the MIT protocol open source. thinkAdmin v1, v6 exists a stored cross-site scripting vulnerability. A remote attacker can use the vulnerability to inject arbitrary Web script or HTML...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

CVE-2020-27741

Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

CVE-2018-8062

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

VulnCheck KEV: CVE-2013-2618

Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter...

CVE-2020-5631

Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

The vulnerability of the ColdFusion interpreter, related to the lack of measures taken to protect the structure of web pages, allows attackers to inject arbitrary web scripts or HTML code and gain access to protected information.

The vulnerability of the ColdFusion interpreter is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to inject arbitrary web scripts or HTML code remotely, gain access to protected information, and modify the appearance of the...

Cisco Vision Dynamic Signage Director Web Management Interface Cross-Site Scripting Vulnerability

Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution from Cisco USA. A cross-site scripting vulnerability exists in the Web management interface in Cisco Vision Dynamic Signage Director versions prior to 6.2 SP5, which stems from the program failing to properly...

Firco Continuity Cross-Site Scripting Vulnerability

Firco Continuity is a real-time trade screening solution. A stored cross-site scripting vulnerability exists in Firco Continuity 6.2.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the username field on the login page...

UBUNTU-CVE-2020-12648

A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)

RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of measures taken to protect the structure of web pages, allowing attackers to execute cross-site scripting attacks.

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

UBUNTU-CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-11845

Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML...

Sales Force Assistant Cross-Site Scripting Vulnerability

NI Consulting Sales Force Assistant is a suite of sales support and information sharing tools from NI Consulting Japan. The product supports features such as customer relationship management, case management, complaint management, and visit program management. A cross-site scripting vulnerability...

PT-2020-2194 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...