Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

Kagemai 跨站脚本漏洞

SourceForge Organization kagemai is an application of the Japanese open source SourceForge Organization . A Web-based bug tracking system BTS. Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...

JVN#97370614: MagazinegerZ vulnerable to cross-site scripting

MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...

Zen Cart Cross-Site Scripting Vulnerability (CNVD-2021-22861)

Zen Cart is open source, free mall system for building professional online stores. A reflective cross-site scripting vulnerability exists in Zen Cart 1.5.6d. An attacker can execute malicious script via the includes/templates/templatedefault/common/tplmainpage.php or...

Cybozu Office 跨站脚本漏洞

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in the address book in Cybozu Office. The vulnerability can be exploited to execute arbitrary script in a logged-in user's web browser...

Vulnerabilities fixed in F5 BIG-IQ

F5 has fixed vulnerabilities in BIG-IQ. A malicious person at remote can exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application being visited. In addition, a malicious...

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...

Vulnerability fixed in GNU git

GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...

DEBIAN-CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

WESEEK GROWI cross-site scripting vulnerability (CNVD-2021-16350)

GROWI is a team collaboration software. A stored cross-site scripting vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's browser by sending specially crafted content...

Git 后置链接漏洞

Git is a free, open source distributed version control system. Git suffers from a back-linking vulnerability that allows an attacker to clone to a case-insensitive filesystem using a specially crafted repository that leads to the execution of just-checked scripts...

Aruba Networks AirWave Management Platform Cross-Site Scripting Vulnerability

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. A reflective cross-site scripting vulnerability exists in the web...

OESA-2021-1068 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is a network access control NAC solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-13473)

Aruba ClearPass Policy Manager is a network access control NAC solution. A stored cross-site scripting vulnerability in the ClearPass web administration interface in versions prior to Aruba ClearPass Policy Manager 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute...

Aruba ClearPass Policy Manager 跨站脚本漏洞

Aruba ClearPass Policy Manager is a network access control NAC solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...

CVE-2021-20066

A flaw was found in jsdom. JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVE-2021-1351

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

Code injection

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...