26 matches found
CVE-2021-38375
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message...
CVE-2021-38375
OX App Suite (Open-Xchange) versions up to 7.10.5 are affected by a Cross-Site Scripting vulnerability in the frontend component. The root cause is described as the pp loader mechanism that could be abused to load content from relative URLs outside the intended API path, enabling attackers to i...
Open-xchange OX App Suite 跨站脚本漏洞
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...
Pornhub: Stored XSS in galleries - https://www.redtube.com/gallery/[id] path
Researcher successfully closed the image 'alt' attribute and injected javascript by intercepting the album creation request and submitting an XSS payload as the album title. This led to stored cross-site scripting on the user's album page, executed against any users who visited the album. Stored...
NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
XSS in error message caused by alt and title image attributes...
Mail.ru: e.mail.ru stored XSS in agent via sticker (smile)
Привет : смотрим скриншот : XSS в сообщениях агента с помощью стикера смайла. Отправка меседжа со стикером и XSS выглядит так: POST https://jim45.mail.ru/message?session=48280&r=18426&sdc=1 HTTP/1.1 Accept: / Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer...