JVN#86026700: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50173)

CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited to execute arbitrary web script or HTML via a specially crafted load entered in the "New Article" field under the "Article" plugin...

Codoforum cross-site scripting vulnerability (CNVD-2021-50176)

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...

moziloCMS Stored Cross-Site Scripting Vulnerability

moziloCMS is open source a content management system CMS. A security vulnerability exists in moziloCMS, which can be exploited by an attacker to execute arbitrary web script or HTML through a specially crafted load by entering the "Content" parameter...

dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50940)

dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...

Vulnerabilities fixed in IBM Tivoli Netcool/OMNIbus

IBM has fixed vulnerabilities in the web interface of Tivoli Netcool/OMNIbus. An authenticated malicious person can exploit the exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visi...

CVE-2020-35987

A stored cross site scripting XSS vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...

Cross site scripting

A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is a next-generation identity and access control policy platform that enables organizations to enforce compliance, enhance infrastructure security, and streamline their service operations. A stored cross-site scripting vulnerability exists in the Web management...

Vulnerability fixed in PRTG Network Monitor

A vulnerability has been fixed in PRTG Network Monitor. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Paessler has released updat...

CVE-2021-24375

Lack of authentication or validation in motorloadmore, motorgalleryloadmore, motorquickview and motorprojectquickview AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php script...

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. Not every vulnerability h...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48502)

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

phplist cross-site scripting vulnerability (CNVD-2021-48517)

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited to execute arbitrary Web script or HTML via the "admin" parameter under the "Manage Administrators"...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48496)

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48500)

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

LavaLite Cross-Site Scripting Vulnerability (CNVD-2021-48515)

Lavalite is an open source content management system developed using the Laravel framework. A stored cross-site scripting vulnerability exists in the /admin/roles/role component of LavaLite version 5.8.0, which can be exploited by an attacker to execute arbitrary Web script or HTML via the ""New"...

Monstra cross-site scripting vulnerability (CNVD-2021-46870)

Monstra is a lightweight content management system CMS. A stored cross-site scripting vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Site Name" field under the "Site Settings" module...

phplist cross-site scripting vulnerability (CNVD-2021-46871)

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Send Test" field under the "Start or Continue Campaig...

PhpList 跨站脚本漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary Web script or HTML via the "Campaign" field under the "Send...