Cisco Firepower Management Center 跨站脚本漏洞

Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center Software that stems from insufficient validation of user-supplied input in the web-based management interface. An...

Rocket.Chat: XSS in various MessageTypes

The Rocket.Chat vulnerability allowed arbitrary script execution in the receiving frontend client through the rendering of messages of various MessageTypes. The vulnerability affected versions 3.18.2 and 4.0.3. The issue was caused by the lack of sanitization of message parameters rendered from...

CVE-2020-36499

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting XSS vulnerability in the content parameter of the Rubric Block Add module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value...

CVE-2020-23041

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the path parameter of the list and download exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...

Cross site scripting

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

Portable Ltd Playable 代码注入漏洞

Portable Ltd Playable is a Full HD media player for Pc from Portable Ltd, UK. Portable Ltd Playable suffers from a code injection vulnerability that stems from Portable Ltd Playable v9.18 containing a code injection vulnerability in the filename parameter. An attacker could use this vulnerability...

Sugarcrm SugarCRM 跨站脚本漏洞

Sugarcrm SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM Sugarcrm, USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking of sales representatives. SugarC...

Fork CMS 跨站脚本漏洞

Fork CMS is an open source content management system CMS developed using PHP. The system contains blogs , questions and answers , forms and other modules . A cross-site scripting vulnerability exists in Fork CMS Content Management System version 5.8.0, which can be exploited by an attacker to...

Privilege Defined With Unsafe Actions in Keycloak

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

Cross-site Scripting (XSS) - Stored in osticket/osticket

Description As it is written on github profile, osTicket is a widely-used open source support ticket system. During source code research I discovered bad uploaded file type check, which is controlled by user. Unauthenticated user can upload malicious html/js file. FROM OWASP:: Cross-Site Scriptin...

DEBIAN-CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

Xiuno BBS 跨站脚本漏洞

Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that originates from the failure of the product/admin/?setting-base.htm page to properly handle data in the sitename field. An attacker can execute client-side code via th...

CVE-2020-20131

LaraCMS v1.0.1 contains a stored cross-site scripting XSS vulnerability which allows atackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module...

LaraCms 跨站脚本漏洞

LaraCms is a modern content management system in China. version 1.0.1 of LaraCMS contains a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web scripts or HTML via specially crafted loads in the content editor...

Gila CMS Cross-Site Scripting Vulnerability (CNVD-2021-84285)

Gila CMS is an open source content management system CMS based on PHP and MySQL. Gila CMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload in a markup field...

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

Monstra CMS 代码问题漏洞

Monstra CMS is a lightweight PHP-based content management system CMS from the Ukrainian personal developer Sergey Romanenko.A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or HTML...

CMS Made Simple 跨站脚本漏洞

CMS Made Simple CMSMS is an open source content management system CMS from the CMSMS Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS...