Cross site scripting

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...

CVE-2021-35265

A reflected cross-site scripting XSS vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page...

CVE-2021-28054

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting XSS issue in "Configuration Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter...

WayangCMS Cross-Site Scripting Vulnerability

WayangCMS is a software application. A website CMS. WayangCMS suffers from a cross-site scripting vulnerability that originates from a cross-site scripting XSS vulnerability in index.php of WayangCMS v1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by adding...

CVE-2020-26153

A cross-site scripting XSS vulnerability in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...

CVE-2020-26153

A cross-site scripting XSS vulnerability in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...

CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50172)

CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by entering a crafted payload in the "New Page" field under the "Page Content" module...

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-59065)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress's WP suffers from a cross-site scripting vulnerability that can be exploited by attackers ...

baigo CMS Cross-Site Scripting Vulnerability (CNVD-2021-53924)

baigo CMS is an open source PHP-based web content management system CMS. baigo CMS v4.0 contains a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web script or HTML by submitting form parameters to a public console configuration file...

CVE-2020-25925

Cross Site Scripting XSS in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

Cross site scripting

Cross Site Scripting XSS vulnerability in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action...

CVE-2020-25925

Cross Site Scripting XSS in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field...

Moodle < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 XSS Vulnerability

Moodle is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVE-2020-23209

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...

Cross site scripting

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...

CVE-2021-28424

A stored cross-site scripting XSS vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php...

Cross site scripting

A stored cross-site scripting XSS vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

CVE-2021-35303

Cross Site Scripting XSS in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute...

CVE-2021-35298

Cross Site Scripting XSS in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information...