pekeUpload cross-site scripting vulnerability

PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a...

Cisco Webex Video Mesh Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...

Google Chromium V8 Memory Corruption Vulnerability

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

Cisco Firepower Management Center Software Multiple Vulnerabilities (cisco-sa-fmc-xss-openredir-TVPMWJyg)

The version of Cisco Firerpower Management Center installed on the remote host is affected by multiple vulnerabilities as referenced in the cisco-sa-fmc-xss-openredir-TVPMWJyg advisory, as follows: - An authenticated, remote attacker can exploit a vulnerability in the web-based management interfa...

Cisco TelePresence Management Suite Stored XSS (cisco-sa-tms-xss-CwjZJSQc)

According to its self-reported version, Cisco TelePresence Management Suite is affected by a stored cross-site scripting XSS vulnerability in its web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can...

Nextcloud Talk 跨站脚本漏洞

Nextcloud Talk, a self-hosted local audio/video and chat communication service from Germany-based Nextcloud, is vulnerable to a cross-site scripting vulnerability that could be exploited by remote attackers to inject and execute arbitrary HTML and script code in the user's browser within the...

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2021-81104)

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2021-81098)

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

CVE-2021-34760

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

Cross site scripting

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVE-2021-34789

Cisco Tetration’s web-based management interface contains a stored XSS flaw caused by insufficient input validation. An authenticated attacker with valid administrative credentials could inject malicious scripts into specific interface pages, allowing execution of arbitrary script in the affected...

CVE-2021-34760 Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

Apache Superset Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

Adobe Connect <= 11.2.3 Multiple Arbitrary Code Execution Vulnerabilities (APSB21-91)

The version of Adobe Connect installed on the remote host is prior to 11.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-91 advisory. - Adobe Connect version 11.2.3 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacke...

CVE-2021-34742

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

CVE-2021-34742 Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

CVE-2021-34742 Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

VMware vCenter Server Cross-Site Scripting Vulnerability (CNVD-2021-74276)

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...

Vmware VMware vCenter Server 跨站脚本漏洞

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...