Cross site scripting

Cross-site scripting XSS vulnerability in contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter...

CVE-2021-40968

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap Codeigniter 3.1.11, Bootstrap 3.3.7 allows remote attackers to inject arbitrary web script or HTML via the searchtitle parameter...

CVE-2021-40926

Cross-site scripting XSS vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter...

CVE-2021-40970

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter...

CVE-2021-40972

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter...

CVE-2021-41464

Cross-site scripting XSS vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...

CVE-2021-40969

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter...

CVE-2021-40924

Cross-site scripting XSS vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...

CVE-2021-40921

Cross-site scripting XSS vulnerability in contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter...

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

Default credentials

Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP...

CVE-2021-28901

Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the 1 NOMCLI , 2 ADRESSE , 3 ADRESSE2, 4 LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the 5 nomlis...

Cross site scripting

The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...

CVE-2021-38340

The WordPress Simple Shop plugin for WordPress (versions up to 1.2) is vulnerable to Reflected Cross-Site Scripting via the update_row parameter in the file ~/includes/add_product.php, allowing attackers to inject arbitrary scripts. Multiple connected documents corroborate this, stating the vulne...

JEESNS stored cross-site scripting vulnerability (CNVD-2021-74061)

JEESNS is a social management system developed on JAVA's enterprise-level platform. A stored cross-site scripting vulnerability exists in the /weibo/publishdata component in JEESNS version 1.4.2. The vulnerability can be exploited to execute arbitrary web script or HTML via a specially crafted...

JEESNS Stored Cross-Site Scripting Vulnerability (CNVD-2021-74057)

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the header...