CVE-2023-25807

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...

CVE-2023-43191

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...

Johnson Controls Metasys ADS/ADX/OAS Servers 跨站脚本漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A cross-site scripting vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers versions 10 and 11, which arises from improper neutralization of input during web page generation...

F5 Traffix SDC 跨站脚本漏洞

The F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5, Inc. It is used to provide operators with total connectivity, unlimited scalability and total control. A cross-site scripting vulnerability exists in F5 Traffix SDC, which can be exploited by a...

RSA Archer Cross-Site Scripting Vulnerability

RSA Archer is an enterprise IT governance and compliance governance product. RSA Archer suffers from a cross-site scripting vulnerability that can be exploited by a remote authenticated malicious Archer user to store malicious HTML or JavaScript code in a trusted application datastore. When an...