PublicCMS 安全漏洞

PublicCMS is China PublicCMS company's set of open source content management system CMS written in Java language . A cross-site scripting vulnerability exists in PublicCMS v4.0. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

Apache OpenOffice < 4.1.15 Multiple Vulnerabilities

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes. - Apache OpenOffice documents can contain links that call internal macros with arbitrary...

UBUNTU-CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2023-7027

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This...

CVE-2020-26623

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal...

CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

CVE-2023-47804 Apache OpenOffice: Macro URL arbitrary script execution

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

WireMock 安全漏洞

WireMock is WireMock open source a popular API simulation test open source tool . WireMock cross-site scripting vulnerability , the vulnerability stems from the logging function of the user-supplied data lack of effective filtering and escaping , an attacker can exploit the vulnerability by...

CVE-2023-50470

A cross-site scripting XSS vulnerability in the component admin Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

SUSE-SU-2023:4984-1 Security update for libreoffice

This update for libreoffice fixes the following issues: - CVE-2023-6186: Fixed link targets allow arbitrary script execution bsc1217578. - CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection bsc1217577...

SeaCMS 安全漏洞

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A cross-site scripting vulnerability exists in SeaCMS v12.8, which stems from the lack of effective filtering and escaping of user-supplied da...

CVE-2023-50339

Stored cross-site scripting vulnerability exists in the User Management /admin/users page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-49807

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-50175

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...

CVE-2023-45737

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...

CVE-2023-45737

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...

Cross site scripting

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

Cross site scripting

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

Cross site scripting

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-50725

A cross-site scripting flaw was found in Resque due to improper validation of user-supplied input by the resque-web failed and queues lists. This issue could allow a remote authenticated attacker to use a specially crafted URL to execute script in a victim's web browser within the security contex...