6714 matches found

Japan Vulnerability Notes
added 2021/06/30 5:21 a.m. · 5 views

IkaIka RSS Reader vulnerable to cross-site scripting

Overview IkaIka RSS Reader contains a cross-site scripting vulnerability CWE-79, due to the improper processing of RSS registration. LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a malicio...

CVSS 6.1 · AI score 6.2 · EPSS 0.00788
Exploits: 0 · References: 5

CNVD
added 2021/06/29 12:0 a.m. · 6 views

Zammad cross-site scripting vulnerability (CNVD-2021-50125)

Zammad is a Web-based open source helpdesk/customer support system. A cross-site scripting vulnerability exists in Zammad. A remote attacker can exploit this vulnerability to execute arbitrary web script or HTML via the "user-avatar" attribute...

CVSS 6.1 · AI score 6.3 · EPSS 0.00833
Exploits: 0 · References: 1

OSV
added 2021/06/28 2:15 p.m. · 2 views

CVE-2021-21084

AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

CVSS 6.1 · AI score 5.8 · EPSS 0.01816
Exploits: 0 · References: 1

Positive Technologies
added 2021/06/28 12:0 a.m. · 2 views

PT-2021-3479 · Rabbitmq +5 · Rabbitmq +5

Name of the Vulnerable Software and Affected Versions: RabbitMQ versions prior to 3.8.18 Description: The issue arises from the rabbitmq federation management plugin in RabbitMQ, where a federation link's consumer tag is rendered without proper sanitization of tags in the management UI. This...

CVSS 7.5 · AI score 5.5 · EPSS 0.01437
Exploits: 2 · References: 57

OSV
added 2021/06/25 9:15 p.m. · 1 views

CVE-2021-25654

An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services...

CVSS 7.8 · AI score 6.3 · EPSS 0.00778
Exploits: 0 · References: 1

CNNVD
added 2021/06/25 12:0 a.m. · 3 views

Avaya Aura Device Services code injection vulnerability

Avaya Aura Device Services is a software application from Avaya, USA. It provides a feature for managing Avaya endpoints. A security vulnerability exists in Avaya Aura Device Services versions 7.0 through 8.1.4.0, which can be exploited by local users to execute specially written scripts...

CVSS 7.8 · AI score 7.5 · EPSS 0.00778
Exploits: 0 · References: 1

NVD
added 2021/06/24 9:15 a.m. · 15 views

CVE-2021-25650

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services...

CVSS 8.8 · EPSS 0.00511
Exploits: 0 · References: 1

Positive Technologies
added 2021/06/24 12:0 a.m. · 3 views

PT-2021-16728 · Avaya · Avaya Aura Utility Services

Name of the Vulnerable Software and Affected Versions: Avaya Aura Utility Services versions 7.x Description: A privilege escalation issue was discovered in Avaya Aura Utility Services, potentially allowing a local user to execute specially crafted scripts as a privileged user. Recommendations: Fo...

CVSS 8.8 · AI score 7.2 · EPSS 0.00511
Exploits: 0 · References: 5

CNNVD
added 2021/06/21 12:0 a.m. · 3 views

WordPress plugin Admin Columns cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.4 · AI score 5.8 · EPSS 0.00997
Exploits: 1 · References: 3

Japan Vulnerability Notes
added 2021/06/17 6:11 a.m. · 2 views

Hitachi Application Server Help vulnerable to cross-site scripting

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...

CVSS 6.1 · AI score 6 · EPSS 0.00754
Exploits: 0 · References: 5

CNNVD
added 2021/06/11 12:0 a.m. · 5 views

WordPress cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Wordpress Welcart e-Commerce, which stems from...

CVSS 6.1 · AI score 6.5 · EPSS 0.01044
Exploits: 1 · References: 3

Exploit DB
added 2021/06/10 12:0 a.m. · 405 views

TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting XSS Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is pron...

AI score 7.4
Exploits: 0

OSV
added 2021/06/09 3:15 p.m. · 2 views

CVE-2021-29995

A Cross Site Request Forgery CSRF issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...

CVSS 8.8 · AI score 5.9 · EPSS 0.04208
Exploits: 4 · References: 3

NVD
added 2021/06/09 3:15 p.m. · 20 views

CVE-2021-29995

A Cross Site Request Forgery CSRF issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...

CVSS 8.8 · EPSS 0.04208
Exploits: 4 · References: 3

Cvelist
added 2021/06/09 2:23 p.m. · 23 views

CVE-2021-29995

A Cross Site Request Forgery CSRF issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...

AI score 9.1 · EPSS 0.04208
Exploits: 4 · References: 3

CNNVD
added 2021/06/09 12:0 a.m. · 2 views

CloverDX Server Console cross-site request forgery vulnerability

CloverDX is an enterprise data management platform designed to solve demanding real-world data challenges. Design, automate, manipulate and publish data. A security vulnerability exists in CloverDX Server Console that stems from a cross-site request forgery CSRF issue in CloverDX Server Console...

CVSS 8.8 · AI score 7.8 · EPSS 0.04208
Exploits: 4 · References: 4

CNVD
added 2021/06/02 12:0 a.m. · 7 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-39688)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

CVSS 4.8 · AI score 6.5 · EPSS 0.00534
Exploits: 1 · References: 1

CNNVD
added 2021/06/01 12:0 a.m. · 4 views

CMS Made Simple cross-site scripting vulnerability

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

CVSS 4.8 · AI score 5.6 · EPSS 0.00534
Exploits: 1 · References: 1

BDU FSTEC
added 2021/06/01 12:0 a.m. · 2 views

The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...

CVSS 7.2 · AI score 7 · EPSS 0.00569
Exploits: 0 · References: 4 · Affected Software: 1

NCSC
added 2021/05/31 12:0 a.m. · 4 views

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...

CVSS 8.8 · AI score 7.1 · EPSS 0.02102
Exploits: 1