
3237 matches found

Positive Technologies
added 2023/04/26 12:0 a.m. · 2 views

PT-2023-33068 · Tinymce · Tinymce

Name of the Vulnerable Software and Affected Versions: TinyMCE versions 4.9.10 and earlier; TinyMCE versions 5.4.0 and earlier. Description: A cross-site scripting (XSS) issue was found in the core parser of TinyMCE, allowing arbitrary JavaScript execution when inserting specially crafted content int...

5.4 CVSS · 6.2 AI score
Exploits 0 · References 7
WPVulnDB
added 2023/04/26 12:0 a.m. · 24 views

Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. PoC Make a logged in...

6.1 AI score · 0.17762 EPSS
Exploits 2 · Affected Software 1
Github Security Blog
added 2023/04/25 9:30 a.m. · 22 views

Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4 CVSS · 6.7 AI score · 0.00828 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/04/25 6:44 a.m. · 13 views

CVE-2023-22665 Apache Jena: Exposure of arbitrary execution in script engine expressions.

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

6.5 AI score · 0.00828 EPSS
Exploits 0 · References 2
Veracode
added 2023/04/18 6:56 a.m. · 36 views

Stored Cross-Site Scripting (XSS)

andrewhaine/silverstripe-form-capture is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in form submissions, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

6.1 CVSS · 5.5 AI score · 0.00548 EPSS
Exploits 0 · References 4 · Affected Software 2
CNNVD
added 2023/04/15 12:0 a.m. · 1 views

Easy!Appointments Cross-Site Scripting Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A cross-site scripting vulnerability exists in versions prior to Easy!Appointments 1.5.0, which can be exploited by an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user...

5.4 CVSS · 5.2 AI score · 0.00397 EPSS
Exploits 1 · References 3
NVD
added 2023/04/11 9:15 a.m. · 8 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

5.4 CVSS · 5.7 AI score · 0.00677 EPSS
Exploits 0 · References 2
Prion
added 2023/04/11 9:15 a.m. · 13 views

Cross site scripting

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

4.9 CVSS · 5.7 AI score · 0.00677 EPSS
Exploits 0 · References 2 · Affected Software 7
Vulnrichment
added 2023/04/11 12:0 a.m. · 9 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

5.7 AI score · 0.00677 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/11 12:0 a.m. · 3 views

PT-2023-19622 · Unknown +4 · Bs-Gs2024P +5

Name of the Vulnerable Software and Affected Versions: BS-GS2008 firmware versions 1.0.10.01 and earlier; BS-GS2016 firmware versions 1.0.10.01 and earlier; BS-GS2024 firmware versions 1.0.10.01 and earlier; BS-GS2048 firmware versions 1.0.10.01 and earlier; BS-GS2008P firmware versions 1.0.10.01 and...

5.4 CVSS · 5.7 AI score · 0.00677 EPSS
Exploits 0 · References 3
Cvelist
added 2023/04/11 12:0 a.m. · 12 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

6 AI score · 0.00677 EPSS
Exploits 0 · References 2
Cvelist
added 2023/04/10 1:18 p.m. · 14 views

CVE-2023-0546 FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...

5.7 AI score · 0.00198 EPSS
Exploits 2 · References 1
OSV
added 2023/04/07 2:15 p.m. · 0 views

CVE-2022-43914

IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036...

5.4 CVSS · 5.4 AI score
Exploits 0 · References 2
Packet Storm
added 2023/04/05 12:0 a.m. · 255 views

Uptime Kuma 1.19.6 Cross Site Scripting

Exploit Title: Stored XSS in uptime-kuma ""alert"XSS" If anyone loads the page, the javascript inside the script tag will be executed...

6.5 AI score · 0.00219 EPSS
Exploits 1
Veracode
added 2023/04/04 11:35 a.m. · 24 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in class.js, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

5.4 CVSS · 5.5 AI score · 0.00009 EPSS
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2023/04/02 1:20 p.m. · 22 views

Cross-Site Scripting (XSS)

rails is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in HTML elements, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

6.3 CVSS · 5.9 AI score · 0.00207 EPSS
Exploits 0 · References 7 · Affected Software 1
Exploit DB
added 2023/03/30 12:0 a.m. · 197 views

LISTSERV 17 - Reflected Cross Site Scripting (XSS)

Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Date: 12/01/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CV...

6.1 CVSS · 6.3 AI score · 0.09973 EPSS
Exploits 4
OSV
added 2023/03/29 6:31 p.m. · 38 views

GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

7.1 CVSS · 7 AI score · 0.01189 EPSS
Exploits 0 · References 9
Veracode
added 2023/03/29 3:54 p.m. · 29 views

Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by the filter function in filter.php when the algebra filter code is not available, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

6.1 CVSS · 6.6 AI score · 0.00832 EPSS
Exploits 0 · References 9 · Affected Software 1
NVD
added 2023/03/28 9:15 p.m. · 16 views

CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

7.1 CVSS · 7.3 AI score · 0.01189 EPSS
Exploits 0 · References 6