CVE-2022-2171
The Progressive License WordPress plugin through 1.1.0 lacks any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to a Stored XSS issue...
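The two defects in the CVE-2022-2171 entry above (settings saved without a CSRF check, and a setting that stores arbitrary HTML which is later echoed) are a recurring WordPress plugin pattern. The following is an added example, not code from the Progressive License plugin: a generic settings handler in its vulnerable shape next to a hardened one. The option name 'example_banner_html', the admin-post action 'example_save_settings' and the nonce field name 'example_nonce' are hypothetical.

```php
<?php
// Added example, not code from the Progressive License plugin. A generic
// WordPress settings handler showing the two defects described in
// CVE-2022-2171 and their fix. The option name 'example_banner_html', the
// admin-post action 'example_save_settings' and the nonce field name are
// hypothetical.

// ---- Vulnerable shape (kept unhooked, for comparison) -------------------
function example_save_settings_vulnerable() {
    // No nonce check: a form on an attacker's page that auto-submits to
    // admin-post.php is accepted as long as the victim's admin cookie rides
    // along (CSRF). No capability check either.
    update_option( 'example_banner_html', $_POST['banner_html'] ); // raw HTML stored
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}
function example_render_banner_vulnerable() {
    // The stored value is echoed unfiltered on the public site: a <script>
    // element written via the CSRF above now runs for every visitor (stored XSS).
    echo get_option( 'example_banner_html' );
}

// ---- Hardened -------------------------------------------------------------
function example_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    // The nonce is the CSRF token the save handler will demand. It is tied to
    // the current user and to the action name.
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
    echo '<input type="hidden" name="action" value="example_save_settings">';
    echo '<textarea name="banner_html">'
        . esc_textarea( get_option( 'example_banner_html', '' ) )
        . '</textarea>';
    submit_button();
    echo '</form>';
}

add_action( 'admin_post_example_save_settings', 'example_save_settings_hardened' );
function example_save_settings_hardened() {
    // 1. Authorization: the nonce proves the request originated from the
    //    plugin's own form, not that the user may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: dies with a 403 page unless a valid nonce for this action is present.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Stored XSS: keep only the HTML allowed in post content (no <script>,
    //    no on* attributes, no javascript: URLs) before it is persisted.
    $banner = wp_kses_post( wp_unslash( $_POST['banner_html'] ?? '' ) );
    update_option( 'example_banner_html', $banner );

    wp_safe_redirect( admin_url( 'options-general.php?page=example&updated=1' ) );
    exit;
}
function example_render_banner_hardened() {
    // Filter on output as well, so a value written by another code path
    // (an import, a direct database edit) is still rendered safely.
    echo wp_kses_post( get_option( 'example_banner_html', '' ) );
}
```

check_admin_referer() is the check that closes the CSRF hole: it calls wp_verify_nonce() on the named field and stops the request if the token is missing or stale. It is not a permission check, which is why current_user_can() comes first. If a setting genuinely must accept arbitrary HTML by design, the save path should at least require the unfiltered_html capability rather than skipping wp_kses_post() for everyone.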
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS)...
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, caused by insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the contex...
CVE-2022-2510
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows an attacker to inject arbitrary HTML (XSS) on the page "Special:SearchCenter", using the search term in the URL...
Cross Site Scripting (XSS)
Prestashop is vulnerable to cross-site scripting. The product catalog feature allows an admin to upload arbitrary .html files with...
IBM Security Verify Access Cross-Site Scripting Vulnerability (CNVD-2022-87651)
IBM Security Verify Access (ISAM) is an access-management service from IBM (USA). It provides secure and simple access to web, mobile, IoT and cloud platforms through risk-based access, single sign-on, integrated access management controls,...
Atlassian Jira < 8.13.12 Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.13.12 or 8.14.x prior to 8.20.2. It is, therefore, affected by a vulnerability allowing anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site...
Atlassian Jira < 8.20.3 Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.20.3. It is, therefore, affected by a vulnerability allowing remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored...
Fortinet FortiEDR Cross-Site Scripting Vulnerability
Fortinet FortiEDR is an endpoint security solution built from scratch by US-based Fortinet. FortiEDR suffers from a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data. A remote attacker could exploit the vulnerability to trick a victim into...
WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation; WordPress plugins are applications that extend it. WordPress Plugin WP-Filebase Download Manager version 3.4.4 contains a cross-site scripting...
TrueConf Server Cross-Site Scripting Vulnerability
TrueConf Server is a self-hosted video collaboration platform from the Russian company TrueConf. TrueConf Server version 4.3.7 is vulnerable to cross-site scripting due to an unspecified flaw in the file /admin/conferences/get-all-status/, via the parameter...
CVE-2022-29168
CVE-2022-29168 describes an XSS in Wire caused by insufficient escaping when rendering @mentions in wire-webapp. When a user views a malicious message, arbitrary HTML/JavaScript can be executed in the victim's context, potentially taking over the user account. Wire-desktop clients connected to a vu...
CVE-2022-1777 Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
The Filr WordPress plugin before 1.2.2.1 does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce; however, the nonce is leaked on the dashboard. This could allow them to upload...
Prison Management System Cross-Site Scripting Vulnerability
Prison Management System is a prison management system by the independent developer Carlo Montero. Version 1.0 of Prison Management System contains a cross-site scripting vulnerability that could be exploited to inject arbitrary HTML and script code into the website...
Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
The plugin does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce; however, the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...
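Both CVE-2022-1777 entries above describe the same mistake: a WordPress AJAX action guarded only by a nonce, with the nonce printed on a dashboard every subscriber can see. A nonce is an anti-CSRF token, not a permission check, and wp_ajax_* hooks fire for any logged-in user. The following is an added example, not code from the Filr plugin: a generic upload action in that vulnerable shape next to a hardened one. The action name 'example_upload', the nonce action string, the admin page hook 'toplevel_page_example' and the script handle are hypothetical.

```php
<?php
// Added example, not code from the Filr plugin. A generic WordPress AJAX
// upload action that reproduces the shape of the finding in CVE-2022-1777
// (nonce present, authorisation absent) next to a hardened version. The
// action name 'example_upload' and the nonce action string are hypothetical.

// ---- Vulnerable shape (kept unhooked, for comparison) -------------------
function example_upload_vulnerable() {
    // wp_ajax_* hooks run for every logged-in user, subscribers included.
    // check_ajax_referer() only proves the caller saw a page that printed the
    // nonce; if that nonce is printed on the dashboard, every subscriber has it.
    check_ajax_referer( 'example_upload' );
    require_once ABSPATH . 'wp-admin/includes/file.php';
    // No file-type restriction: an .html upload becomes a page served from
    // the site's own origin, i.e. stored XSS reachable by any visitor.
    $moved = wp_handle_upload( $_FILES['file'], array( 'test_form' => false ) );
    wp_send_json_success( $moved );
}

// ---- Hardened -------------------------------------------------------------
add_action( 'wp_ajax_example_upload', 'example_upload_hardened' );
function example_upload_hardened() {
    // 1. Authorization first: a nonce is a CSRF token, not a permission check.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF: a missing or invalid nonce ends the request with HTTP 403.
    check_ajax_referer( 'example_upload' );

    if ( empty( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // 3. Allow-list the types the feature needs; HTML is deliberately absent.
    //    wp_check_filetype_and_ext() inspects image content as well as the
    //    client-supplied name and MIME type.
    $allowed = array(
        'pdf'      => 'application/pdf',
        'png'      => 'image/png',
        'jpg|jpeg' => 'image/jpeg',
    );
    $check = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 400 );
    }
    $moved = wp_handle_upload( $_FILES['file'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( $moved['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $moved['url'] ) );
}

// 4. Only emit the nonce where the upload UI is actually offered, so it is not
//    exposed to roles that should never call the action.
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'toplevel_page_example' !== $hook || ! current_user_can( 'upload_files' ) ) {
        return;
    }
    wp_enqueue_script( 'example-upload', plugins_url( 'upload.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-upload', 'exampleUpload', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_upload' ),
    ) );
} );
```

The order matters: the capability check runs before the nonce check so that an unauthorised caller learns nothing about nonce validity, and the nonce is generated only on the page that actually offers the action. Restricting the nonce's exposure does not replace the capability check; a nonce that lands in any subscriber-visible page (the dashboard in the advisory) is, from the attacker's point of view, public.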
GHSA-8JXQ-GPMR-H4G4 imdbphp Cross-Site Scripting (XSS)
A Cross-Site Scripting (XSS) vulnerability was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtering of the user-supplied "name" parameter passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...
Magmi XSS Vulnerability
A Cross-Site Scripting (XSS) vulnerability was discovered in Magmi 0.7.22. The vulnerability exists due to insufficient filtering of the user-supplied "prefix" parameter passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the...
GHSA-63CJ-3R94-234V Persistent XSS vulnerability in Jenkins DRY Plugin
The custom Details view of the Static Analysis Utilities-based DRY Plugin was vulnerable to a persistent cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
GHSA-9V3W-M552-M6FF Pi Cross-site Scripting vulnerability
A Cross-Site Scripting (XSS) vulnerability was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtering of the user-supplied "preview" parameter passed to the pi-develop/www/script/editor/markitup/preview/markdown.php URL. An attacker could execute arbitrary HTML and script code in a browse...