Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-298m-hvgh-x9cw: Alluxio Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.

ghsa
#xss#vulnerability#git
GHSA-7xqx-xwg9-jx34: NodCMS Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows an attacker with administrative privileges to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter.

GHSA-gqr4-cvf4-3957: YiiCMS Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in YiiCMS v.1.2.0 and prior allows a remote attacker to execute arbitrary code via the news function. A fix is available at commit 4a9d68564eb78d9f64e3f5dd77186a154093615b.

CVE-2020-21268: A stored XSS vulnerability that leads to the capture of other people's cookies · Issue #40 · easysoft/zentaopms

Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.

CVE-2020-21052: 前台文章评论处存储型XSS · Issue #56 · 94fzb/zrlog

Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.

CVE-2020-20070: [security vulnerability] Reflective XSS when view the survey result · Issue #48 · wkeyuan/DWSurvey

Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.

CVE-2020-21058: typora(0.9.79) XSS to RCE · Issue #2959 · typora/typora-issues

Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.

CVE-2020-20725: Cross Site Scripting · Issue #2 · taogogo/taocms

Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.

CVE-2020-20697: There is a critical vulnerability in NodCMS · Issue #41 · khodakhah/nodcms

Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter.

CVE-2020-21485: Alluxio v1.8.1 reflected xss vulnerability · Issue #10552 · Alluxio/alluxio

Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.