Show filters
50 Total Results
Displaying 21-30 of 50
Sort by:
Attacker Value
Unknown
CVE-2021-40369
Disclosure Date: November 24, 2021 (last updated February 23, 2025)
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
0
Attacker Value
Unknown
CVE-2021-23353
Disclosure Date: March 09, 2021 (last updated November 28, 2024)
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
0
Attacker Value
Unknown
CVE-2020-7691
Disclosure Date: July 06, 2020 (last updated February 21, 2025)
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
0
Attacker Value
Unknown
CVE-2020-7690
Disclosure Date: July 06, 2020 (last updated February 21, 2025)
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
0
Attacker Value
Unknown
CVE-2019-10090
Disclosure Date: September 23, 2019 (last updated November 27, 2024)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
0
Attacker Value
Unknown
CVE-2019-12407
Disclosure Date: September 23, 2019 (last updated November 27, 2024)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
0
Attacker Value
Unknown
CVE-2019-10089
Disclosure Date: September 23, 2019 (last updated November 27, 2024)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
0
Attacker Value
Unknown
CVE-2019-12404
Disclosure Date: September 23, 2019 (last updated November 27, 2024)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
0
Attacker Value
Unknown
CVE-2019-10087
Disclosure Date: September 23, 2019 (last updated November 27, 2024)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
0
Attacker Value
Unknown
CVE-2018-16553
Disclosure Date: June 20, 2019 (last updated November 27, 2024)
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.
0
