CVE-2022-30690

A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...

CVE-2022-26842

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

Cross site scripting

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

Cross site scripting

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

Cross site scripting

A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...

Cross site scripting

A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger thi...

CVE-2022-32772

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

CVE-2022-32772

CVE-2022-32772 affects WWBN AVideo 11.6 and the dev master commit 3f7c0364. The vulnerability is a footer alerts XSS in the msg parameter, where insufficient sanitization allows crafted input to inject JavaScript. TALOS confirms multiple XSS variants via footer.php without proper sanitization, in...

CVE-2022-32772

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

CVE-2022-32771

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

CVE-2022-30690

A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this...

CVE-2022-28712

A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger thi...

CVE-2022-26842

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

CVE-2022-26842

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

Cross-site Scripting (XSS)

jenkins is vulnerable to cross-site scripting. The vulnerability exists because the help icon does not escape the feature name that is part of its tooltip which allows an attacker to inject and execute arbitrary javascript...

The vulnerability in the implementation of the SVG <use> element in the Mozilla Firefox browser allows a malicious actor to execute arbitrary JavaScript code.

The vulnerability of the SVG element implementation in Mozilla Firefox is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

CVE-2022-38192

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...