A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.
OpenEdge is prone to multiple denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits can allow attackers to cause the application to become unresponsive, denying service to legitimate users.
The malicious user sends a malformed request that generates the file access up directories as follows: http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini or else http://target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../../../windows/win.ini And the application answers; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Below mentioned input fields aren't properly escaped. This could lead to an XSS attack that could possibly affect administrators, users, editor.