Multiple vulnerabilities in Navigate CMS

Overview Navigate CMS is an open source Contents Management System CMS provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature CWE-79 Reflected cross-site scripting CWE-79 - CVE-2021-36454 SQL injection CWE-89 -...

Pepperminty Wiki 跨站脚本漏洞

Pepperminty Wiki is an open source complete wiki engine contained in a single file. Pepperminty Wiki suffers from a cross-site scripting vulnerability that stems from insufficient cleaning of user-supplied data in the Wiki Name field. An attacker can exploit this vulnerability to inject and execu...

The vulnerability of the printing control software in PaperCut MF and PaperCut NG, which exists due to the lack of measures to neutralize special elements, allows a violator to implement a script through the user interface.

The vulnerability of the printing control software in PaperCut MF and PaperCut NG exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to implement a malicious script through the user interface...

Cross site scripting

A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...

CVE-2020-20990

CVE-2020-20990 is a cross-site scripting (XSS) vulnerability in Domainmod 4.13 that affects the /segments/edit.php Segment Name parameter. The underlying issue is lack of proper validation of user-supplied data, allowing attackers to inject arbitrary web scripts or HTML. The affected component is...

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

EyouCms Cross-Site Scripting Vulnerability

EyouCms EyouCms is a ThinkPHP-based open source content management system CMS from Hainan Zanzan Network Technology Co. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

CVE-2020-21362

A cross site scripting XSS vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...

Maccms 跨站脚本漏洞

Maccms 10 is a PHP-based film and television content management system CMS. Maccms 10 is vulnerable to a cross-site scripting vulnerability, which originates from the ""wd"" parameter in the software's background search function that is not effectively restricted and checked, and can be exploited...

WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

Overview WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on...

Eyoucms 跨站脚本漏洞

Zanzan Network Technology EyouCms EyouCms is a ThinkPHP-based open source content management system CMS from Zanzan Network Technology in China. version v1.4.1 of Eyoucms has a security vulnerability. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

Rust 跨站脚本漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...

Cybozu Garoon 跨站脚本漏洞

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in some of the email functions in Cybozu Garoon. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

Cybozu Garoon 跨站脚本漏洞

A cross-site scripting vulnerability exists in Bulletin in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

Vulnerability fixed in CheckMK

A vulnerability has been fixed in CheckMK. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. CheckMK has released updates to fix t...

Cross-site Scripting (XSS) - Reflected in dolibarr/dolibarr

Description Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious...

Shopify: Stored XSS in SVG file as data: url

A stored XSS vulnerability was discovered in Shopify's rich text editor on July 24, 2021. Attackers were able to insert an XSS payload encoded in an SVG file using data: URLs. The vulnerability was fixed by preventing the conversion of data: URLs into blob: URLs...

Tecnick.com TCExam 跨站脚本漏洞

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams and more. TCExam suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied data in tceselectmediafile.php. A remotely...

Collabora Online 跨站脚本漏洞

Collabora Online is an application from Collabora. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A cross-site scripting vulnerability exists in Collabora Online versions prior to 6.4.9-5. The vulnerability allows an attacke...