32 matches found
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
PT-2024-13838 · Zoho · Zoho Manageengine Servicedesk Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14504 Description: The issue allows stored XSS via a task's name in a time sheet, which can be exploited by a low-privileged technician. Recommendations: For versions prior to 14504,...
ctrlo lenio 跨站脚本漏洞
lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio that stems from an unknown section of its views/index.tt file that operates on the parameters task.name/task.site.org.name allowing attackers to implement cross-site scripting...
Jenkins Plugin eXtreme Feedback Panel 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
January 5, 2021, update for Project 2016 (KB4493159)
January 5, 2021, update for Project 2016 KB4493159 This article describes update 4493159 for Microsoft Project 2016 that was released on January 5, 2021.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...
nopCommerce 跨站脚本漏洞
nopCommerce is a set of open source general e-commerce platform. A cross-site scripting vulnerability exists in nopCommerce Store version 4.30, which stems from the Schedule tasks name field not being effectively filtered for XSS statements. This vulnerability allows an attacker to inject an XSS...
Design/Logic Flaw
DISPUTED Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them alread...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...
CVE-2013-6465
Multiple cross-site scripting XSS vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...
CVE-2015-3883
Multiple cross-site scripting XSS vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 searchkeywords parameter to index.php/users page; the 2 "Name of application" on index.php/configuration; 3 a new project name on index.php/projects; 4 the task na...
Comala Workflows newtask.action taskName has multiple reflected cross-site scripting vulnerabilities
Comala Workflows is a WEB-based application. Comala Workflows newtask.action script handles A cross-site scripting vulnerability exists in taskName, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...