Cross site scripting

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL...

Cross site scripting

Cross-site scripting XSS vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature...

Cross site scripting

Cross Site Scripting XSS vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page...

editor.md 跨站脚本漏洞

Editor.md is an open source embedded online Markdown a markup language editor. A security vulnerability exists in pandao editor.md version 1.5.0 and earlier, which stems from a cross-site scripting XSS vulnerability that allows attackers to inject arbitrary Web script or HTML...

CVE-2023-29636

Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...

my-site 跨站脚本漏洞

my-site is WinterChenS personal developer's springboot2.0 based development of personal Web site , integrated : personal home page , personal blog , personal works . WinterChenS my-site has a security vulnerability that stems from the presence of a cross-site scripting XSS vulnerability that allo...

ToolJet 跨站脚本漏洞

ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in ToolJet version v1.6.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload...

Odoo 跨站脚本漏洞

Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python language, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...

WordPress plugin Metform Elementor Contact Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G 跨站脚本漏洞

PLANEX Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G is a camera from PLANEX. A security vulnerability exists in the Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G. An attacker can exploit this vulnerability to inject arbitrary scripts...

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

Cross site scripting

Multiple reflective cross-site scripting XSS vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q paramete...

CVE-2022-45122

Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.5301 and earlier Movable Type Advanced 7 Series, Movable Type 6.8.7 and earlier Movable Type 6 Series, Movable Type Advanced 6.8.7 and earlier Movable Type Advance...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions prior to 6.0.3. An attacker exploiting this...

Pimcore Cross Site Scripting (CVE-2022-0831; CVE-2022-0832)

A cross site scripting vulnerability exists in Pimcore. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary script into the affected system...

PT-2022-24615 · Liferay · Liferay Digital Experience Platform

Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting XSS issue in the Blog module's add new topic functionality allows remote attackers to inject arbitrary JS script or HTML into the name field of newly...

CVE-2022-28978

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

CVE-2022-38972

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...

Cross site scripting

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...

Cross site scripting

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors...