IBM Security Verify Access Cross-Site Scripting Vulnerability (CNVD-2022-87651)
IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...
Apache Druid Cross-Site Scripting Vulnerability
Apache Druid is a column-oriented open source distributed database written in Java, from the Apache Foundation in the United States. Apache Druid suffers from a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data. A remote attacker...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2022-50628)
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
SHIRAGI cross-site scripting vulnerability
SHIRAGI is a CMS used to easily create websites. SHIRAGI v1.0.0 to v1.14.2 and v1.15.0 contain a cross-site scripting vulnerability that stems from inadequate sanitization of user-supplied data, which could be exploited by remote attackers to trick victims into following specially crafted links and...
GHSA-P495-JRPQ-P66G MantisBT XSS when uploading an attachment
The projdoceditpage.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2022-68894)
A cross-site scripting vulnerability exists in Cisco Firepower Management Center (FMC), a next-generation firewall management center software from Cisco. The vulnerability stems from a Web management interface that does not adequately authenticate user input. An authenticated remote attacker could...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2022-68893)
A cross-site scripting vulnerability exists in Cisco Firepower Management Center (FMC), a next-generation firewall management center software from Cisco. The vulnerability stems from a Web management interface that does not adequately authenticate user input. An authenticated remote attacker could...
Lansweeper Cross-Site Scripting Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery, network settings scanning, etc. A cross-site scripting vulnerability exists in Lansweeper 9.1.20.2, which stems from a failure to adequately clean user-supplied data in...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2022-33103)
Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code or acces...
Cisco Secure Network Analytics Cross-Site Scripting Vulnerability
Cisco Secure Network Analytics is one of the most comprehensive visibility and network traffic analysis (NTA)/network detection and response (NDR) solutions from Cisco. A cross-site scripting vulnerability exists in versions prior to Cisco Secure Network Analytics 2.1.1, which provides continuous,...
GLPI Cross-Site Scripting Vulnerability (CNVD-2022-11518)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...
Cisco Security Manager Cross-Site Scripting Vulnerability (CNVD-2022-06379)
Cisco Security Manager (CSM) is a set of enterprise-class management applications from Cisco USA that are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. Cisco Security Manager is vulnerable to a cross-site scripting vulnerability...
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to a lack of sanitization when echoing output data in the returnFilesIds function. A low privilege user can call this function through the process.php file and execute scripting code...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22651)
Six Apart Movable Type (MT) is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from a lack of validation and escaping of user-supplied data in the search screen, and could be exploited by remote attackers to trick victims int...
OpenWrt Cross-Site Scripting Vulnerability
OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in the OpenWrt luci web-interface, which stems from insufficient cleanup of user-supplied data when processing hostnames in the OpenWrt luci web-interface. A remote attacker could inject and...
LAOBANCMS cross-site scripting vulnerability (CNVD-2021-34495)
LAOBANCMS is a content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in LAOBANCMS version 2.0. An attacker can execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the "admin/info.php?shuyu" page...
Arbitrary Code Execution
java is vulnerable to arbitrary code execution. The vulnerability exists as potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code...
Cross-site Scripting (XSS)
jboss is vulnerable to cross-site scripting (XSS). The vulnerability exists as an attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session...
Information Disclosure
openjdk is vulnerable to information disclosure. Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code...