
6714 matches found

CNNVD
added 2021/08/11 12:0 a.m. | 2 views

Maccms Cross-Site Scripting Vulnerability

Maccms 10 is a PHP-based film and television content management system (CMS). Maccms 10 is vulnerable to a cross-site scripting vulnerability, which originates from the "wd" parameter in the software's background search function that is not effectively restricted and checked, and can be exploited...

CVSS 5.4 | AI score 5.5 | EPSS 0.00475
Exploits: 1 | References: 1
Japan Vulnerability Notes
added 2021/08/10 5:40 a.m. | 2 views

WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

Overview: WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability (CWE-79) due to the flaw in handling some URL query parameters. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on...

CVSS 6.1 | AI score 6 | EPSS 0.03515
Exploits: 1 | References: 7
CNNVD
added 2021/08/10 12:0 a.m. | 3 views

Eyoucms Cross-Site Scripting Vulnerability

EyouCms is a ThinkPHP-based open source content management system (CMS) from Zanzan Network Technology in China. Version v1.4.1 of Eyoucms has a security vulnerability. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

CVSS 5.4 | AI score 6 | EPSS 0.005
Exploits: 1 | References: 1
CNNVD
added 2021/08/08 12:0 a.m. | 6 views

Rust Cross-Site Scripting Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in the comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...

CVSS 6.1 | AI score 5.3 | EPSS 0.00741
Exploits: 1 | References: 2
CNNVD
added 2021/08/02 12:0 a.m. | 2 views

Cybozu Garoon Cross-Site Scripting Vulnerability

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in some of the email functions in Cybozu Garoon. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

CVSS 5.4 | AI score 5.7 | EPSS 0.00605
Exploits: 0 | References: 4
CNNVD
added 2021/08/02 12:0 a.m. | 4 views

Cybozu Garoon Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Bulletin in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

CVSS 6.1 | AI score 5.7 | EPSS 0.008
Exploits: 0 | References: 4
NVD
added 2021/07/30 2:15 p.m. | 18 views

CVE-2020-20699

A cross-site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVSS 4.8 | EPSS 0.00527
Exploits: 1 | References: 1
NCSC
added 2021/07/27 12:0 a.m. | 4 views

Vulnerability fixed in CheckMK

A vulnerability has been fixed in CheckMK. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. CheckMK has released updates to fix t...

CVSS 5.4 | AI score 6.7 | EPSS 0.0172
Exploits: 2
Huntr
added 2021/07/25 5:9 p.m. | 13 views

Cross-site Scripting (XSS) - Reflected in dolibarr/dolibarr

Description: Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious...

AI score 0.5
Exploits: 0
Hacker One
added 2021/07/24 3:15 p.m. | 92 views

Shopify: Stored XSS in SVG file as data: url

A stored XSS vulnerability was discovered in Shopify's rich text editor on July 24, 2021. Attackers were able to insert an XSS payload encoded in an SVG file using data: URLs. The vulnerability was fixed by preventing the conversion of data: URLs into blob: URLs...

AI score 5.9
Exploits: 0
CNNVD
added 2021/07/22 12:0 a.m. | 3 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams and more. TCExam suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied data in tceselectmediafile.php. A remotely...

CVSS 5.4 | AI score 5.9 | EPSS 0.00634
Exploits: 1 | References: 3
CNNVD
added 2021/07/21 12:0 a.m. | 3 views

Collabora Online Cross-Site Scripting Vulnerability

Collabora Online is an application from Collabora, a powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A cross-site scripting vulnerability exists in Collabora Online versions prior to 6.4.9-5. The vulnerability allows an attacke...

CVSS 7.3 | AI score 6 | EPSS 0.00603
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2021/07/19 12:0 a.m. | 83 views

JVN#86026700: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.

Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1
CVSS v2|...

CVSS 6.1 | AI score 5.6 | EPSS 0.00916
Exploits: 0
CNVD
added 2021/07/13 12:0 a.m. | 5 views

CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50173)

CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited to execute arbitrary web script or HTML via a specially crafted payload entered in the "New Article" field under the "Article" plugin...

CVSS 5.4 | AI score 6.3 | EPSS 0.0045
Exploits: 1 | References: 1
CNVD
added 2021/07/13 12:0 a.m. | 3 views

Codoforum cross-site scripting vulnerability (CNVD-2021-50176)

Codoforum is PHP- and MySQL-based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...

CVSS 5.4 | AI score 6.3 | EPSS 0.00507
Exploits: 1 | References: 1
CNVD
added 2021/07/13 12:0 a.m. | 4 views

moziloCMS Stored Cross-Site Scripting Vulnerability

moziloCMS is an open source content management system (CMS). A security vulnerability exists in moziloCMS, which can be exploited by an attacker to execute arbitrary web script or HTML through a specially crafted payload entered in the "Content" parameter...

CVSS 5.4 | AI score 7.1 | EPSS 0.00447
Exploits: 1 | References: 1
CNVD
added 2021/07/12 12:0 a.m. | 8 views

dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50940)

dotCMS is a powerful content management system (CMS) developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...

CVSS 4.8 | AI score 6.1 | EPSS 0.00497
Exploits: 1 | References: 1
NCSC
added 2021/07/12 12:0 a.m. | 2 views

Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus

IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...

CVSS 6.4 | AI score 6.7 | EPSS 0.00495
Exploits: 0
ATTACKERKB
added 2021/07/09 10:15 p.m. | 3 views

CVE-2020-35987

A stored cross-site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...

CVSS 5.4 | AI score 5.3 | EPSS 0.01339
Exploits: 1 | References: 3
Prion
added 2021/07/08 4:15 p.m. | 12 views

Cross site scripting

A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...

CVSS 4.3 | AI score 6.2 | EPSS 0.0115
Exploits: 1 | References: 4 | Affected Software: 1