862 matches found
Pi Cross-site Scripting vulnerability
A Cross-Site Scripting (XSS) vulnerability was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data preview passed to the pi-develop/www/script/editor/markitup/preview/markdown.php URL. An attacker could execute arbitrary HTML and script code in a browse...
GHSA-PMFX-P95X-CG4P Alkacon OpenCms XSS via query parameter in a search action
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...
CVE-2022-2511
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL...
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting XSS Exploit Author: LiquidWorm enteliTouch XSS input type="hidden" nam...
CVE-2022-0661
CVE-2022-0661 affects the WordPress Ad Injection plugin (versions up to 1.2.0.19). The issue is due to improper sanitization of the injected ad body, enabling a high-privileged Admin+ user to inject arbitrary HTML/Javascript, resulting in stored XSS, and it can also allow PHP code injection leadi...
Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability
enteliTouch XSS alertdocument.cookie" / input type="hidden" n...
Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting
enteliTouch XSS alertdocument.cookie" /...
Cross site scripting
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor...
CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version 4.8.9 Fixed versions: 4.8.9...
ROS-20220204-01
A vulnerability in the Django web application framework is related to an infinite loop when parsing files. Exploitation of the vulnerability could allow an attacker acting remotely to upload a specially crafted file to a server, utilize all available system resources, and cause a...
ROS-20220125-14
Lxml library vulnerability is related to insufficient cleansing of user data in the cleanup program HTML in the lxml.html file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and scri...
CVE-2021-43942
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting...
Lemon OA Cross-Site Scripting Vulnerability
Lemon OA is an open source office OA system developed in Java by the individual developer XuHuisheng. Lemon OA version V1.10.0 has a security vulnerability that originates from the potrtalItemName parameter in webPortalController.java. An attacker can use the vulnerability to execute...
Privoxy Cross-Site Scripting Vulnerability
Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...
CVE-2021-42117
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution...
CVE-2021-42118
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object...
Cross site scripting
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is...
Business-Dna Solution GmbH TopEase Cross-Site Scripting Vulnerability
Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A code injection vulnerability exists in Business-Dna Solution GmbH TopEase,...
FLEX 1085 Web 1.6.0 HTML Injection
Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Date: 2021-11-21 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary:...
FLEX 1085 Web 1.6.0 - HTML Injection Vulnerability
Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary: ================ Th...