149 matches found
Arbitrary Code Execution
vm2 is vulnerable to arbitrary code execution. Remote attackers are able to inject and execute crafted malicious scripts on the host machine via direct access to host error objects generated by node internals during generation of stack traces...
CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-42367 Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the /includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization...
CVE-2021-38336 Edit Comments XT <= 1.0 Reflected Cross-Site Scripting
The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
CVE-2013-6320
CVE-2013-6320 is an XSS vulnerability affecting IBM Algo One as used in MetaData Management Tools (UDS 4.7.0–5.0.0), and in Algo Security Access Control Management (ACSWeb in Algo) (4.7.0–4.9.0) and AlgoWebApps (5.0.0). The underlying issue is a cross-site scripting flaw that allows remote authen...
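Cisco Unity Multiple Remote Security Vulnerabilities
BUGTRAQ ID: 31642 CVE(CAN) ID: CVE-2008-4545, CVE-2008-4544, CVE-2008-4543, CVE-2008-4542 Cisco Unity is a voice and unified messaging platform. Multiple security vulnerabilities exist in Cisco Unity that may allow malicious users to disclose sensitive information, cause a denial of service, or inject malicious scripts. 1 A cross-site scripting vulnerability exists in Cisco Unity: a remote attacker can supply malicious data to the database, and the cross-site script executes the next time an administrator logs in and visits a page that depends on the stored information. 2...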
CVE-2006-2751
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the itemlist parameter in search.php...