Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42750PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
CVE-2021-42751PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
CVE-2022-35585PUBLISHED: 2022-08-12A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
CVE-2022-35587PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
CVE-2022-35589PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
User Rank: Author
4/15/2016 | 12:41:17 PM