7613 matches found
CVE-2020-18126
Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below. The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...
Cross-site Scripting (XSS) - Stored in namelessmc/nameless
✍️ Description Stored XSS in google analytics. 🕵️♂️ Proof of Concept 1. goto 'http://localhost/Nameless/index.php?route=/panel/core/seo/' logged in as admin. 2. enter "G-XXXXXXXX'; javascript:alert1; alert1; instead will cause any admin who visits the SEO page to have the java script activated on...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22648)
Six Apart Movable Type is an application of Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from the lack of proper validation of client-side data in the WEB application. An attacker could use this vulnerability to inject arbitrary script or HTML...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22649)
Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from the lack of proper validation of client-side data in the WEB application and can be exploited to inject arbitrary script or HT...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22647)
Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from the lack of proper validation of client-side data in the WEB application and can be exploited to inject arbitrary script or HT...
CVE-2021-20810
Cross-site scripting vulnerability in Website Management screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...
CVE-2021-20814
Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, and Movable Type Premium 1.44 and earlier allows remote...
CVE-2021-20813
Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series and Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series allows remote attackers to inject arbitrary script or HTML via unspecified vector...
Cross site scripting
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...
CVE-2021-20813
Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series and Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series allows remote attackers to inject arbitrary script or HTML via unspecified vector...
CVE-2021-20808
Cross-site scripting vulnerability in Search screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and earlier, and...
CVE-2021-20810
Cross-site scripting vulnerability in Website Management screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...
Cross site scripting
Cross-site scripting vulnerability in List of Assets screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...
Cross site scripting
Cross-site scripting vulnerability in Search screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and earlier, and...
Cross site scripting
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...
CVE-2021-20814
Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, and Movable Type Premium 1.44 and earlier allows remote...
CVE-2021-20810
Cross-site scripting vulnerability in Website Management screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...
CVE-2021-20809
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...
Atlassian JIRA < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 XSS (JRASERVER-72392)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by a cross-site scripting vulnerability in the number range searcher component due to improper validation of user-supplied input before returning it to users. An...