CVE-2022-22763
The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...
Mozilla Firefox ESR Security Advisories (MFSA2022-04, MFSA2022-05) - Windows
Mozilla Firefox is prone to multiple vulnerabilities.
Mozilla Firefox Code Issue Vulnerability
A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...
Schneider Electric PowerLogic PM5560 Improper Neutralization of Input During Web Page Generation (CVE-2018-7795)
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. Th...
CVE-2021-43841
XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that...
CVE-2021-43841
CVE-2021-43841 — XWiki Platform SVG upload XSS. In the default XWiki configuration, an attacker could upload an SVG containing a script that executes when a user performs a file download. The issue has been mitigated by patching the default configuration to stop displaying SVG files in the brows...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS,...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
CVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
CVE-2020-28884
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groo...
GLPI Cross-Site Scripting Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...
Multiple vulnerabilities in TransmitMail
Overview: TransmitMail is a PHP-based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values (CWE-22) - CVE-2022-22146; cross-site scripting (CWE-79) - CVE-2022-21193. ishiyuriniwa reported...
SUSE-SU-2022:0161-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled (bsc#1107296, bsc#1107294). - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring o...
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Cisco Webex Meetings is a video conferencing solution from Cisco. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a vulnerability in the web-based interface of Cisco Webex Meetings that could allow an unauthenticated, remote attacker to conduct a cross-site...
PT-2022-2311 · Cisco · Cisco Webex Meetings
Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified). Description: The issue exists due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could exploit this by persuading a user t...
CVE-2022-22531
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...