6714 matches found
CVE-2020-19266
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
Dswjcms Cross-Site Scripting Vulnerability
Dswjcms is a free, open source P2P project for individual and personal lending, an industry system based on the ThinkPHP architecture with a fully automated installation mode for quickly building a P2P website. A cross-site scripting vulnerability exists in Dswjcms version 1.6.4, the...
Jeesns Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the editor's source field...
Dswjcms Cross-Site Scripting Vulnerability
Dswjcms is a free, open source P2P project for individual and personal lending, an industry system based on the ThinkPHP architecture with a fully automated installation mode for quickly building a P2P website. A cross-site scripting vulnerability exists in Dswjcms version 1.6.4, the...
Nature Easy Soft Network Technology ZenTao Cross-Site Scripting Vulnerability
Nature Easy Soft Network Technology ZenTao is open source project management software from China's Easy Soft Tianchuang Network Technology (Nature Easy Soft Network Technology) company. The software includes features such as product management, project management, quality management and document...
CVE-2020-18126
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allow attackers to execute arbitrary web scripts or HTML...
Cross-site Scripting (XSS) - Stored in namelessmc/nameless
✍️ Description Stored XSS in google analytics. 🕵️♂️ Proof of Concept 1. goto 'http://localhost/Nameless/index.php?route=/panel/core/seo/' logged in as admin. 2. enter "G-XXXXXXXX'; javascript:alert1; alert1; instead will cause any admin who visits the SEO page to have the java script activated on...
Atlassian JIRA < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 XSS (JRASERVER-72392)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by a cross-site scripting vulnerability in the number range searcher component due to improper validation of user-supplied input before returning it to users. An...
CVE-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
VMware vRealize Log Insight Cross-Site Scripting Vulnerability
VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that stems from insufficient cleansing of user-supplied data...
JVN#97545738: Multiple cross-site scripting vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen (CWE-79) - CVE-2021-20808: CVSS v3 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, Base Score: 6.1. CVSS...
CVE-2021-33191 MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...
Multiple vulnerabilities in Navigate CMS
Overview: Navigate CMS is an open source Contents Management System (CMS) provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature (CWE-79); Reflected cross-site scripting (CWE-79) - CVE-2021-36454; SQL injection (CWE-89) -...
Pepperminty Wiki Cross-Site Scripting Vulnerability
Pepperminty Wiki is an open source complete wiki engine contained in a single file. Pepperminty Wiki suffers from a cross-site scripting vulnerability that stems from insufficient cleaning of user-supplied data in the Wiki Name field. An attacker can exploit this vulnerability to inject and execu...
A vulnerability in the PaperCut MF and PaperCut NG print control software, caused by a failure to neutralize special elements, allows an attacker to inject a script through the user interface.
The vulnerability in the PaperCut MF and PaperCut NG print control software is caused by a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject a malicious script through the user interface...
Cross site scripting
A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
CVE-2020-20990
CVE-2020-20990 is a cross-site scripting (XSS) vulnerability in Domainmod 4.13 that affects the /segments/edit.php Segment Name parameter. The underlying issue is lack of proper validation of user-supplied data, allowing attackers to inject arbitrary web scripts or HTML. The affected component is...
CVE-2020-20977
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...
EyouCms Cross-Site Scripting Vulnerability
EyouCms is a ThinkPHP-based open source content management system (CMS) from Hainan Zanzan Network Technology Co. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...
CVE-2020-21362
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...