7613 matches found
Input validation
The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 rendered input on the posted pages with improper input validation on the value passed into the field 'Label' parameter. Taking advantage of this, an authenticated attacker can supply a...
WordPress plugin Admin Columns Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Hitachi Application Server Cross-Site Scripting Vulnerability
Hitachi Application Server is a server from Hitachi, Japan. A cross-site scripting vulnerability exists in Hitachi Application Server that could allow a remote attacker to inject arbitrary script via an unspecified vector...
CVE-2021-1395 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS) Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is pron...
GHSA-RCP4-JM2V-MR3F Cross-site scripting in Shopizer
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...
GHSA-V9W8-HQ92-V39M Cross-site Scripting (XSS) in baserCMS
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
Cross-site Scripting (XSS) in baserCMS
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
GHSA-24P5-X9F9-VVPX Cross-site Scripting (XSS) in baserCMS
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
YzmCMS Cross-Site Scripting Vulnerability
YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture developed by Yuan Zhimeng alone. In YzmCMS version 5.8, the /admin/systemmanage/userconfigedit.html page has a cross-site scripting vulnerability; an attacker can use the vulnerability to inject...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-39688)
CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...
Mozilla Firefox Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Firefox 3.6.24 and versions between 4.x and 7. An attacker can exploit this vulnerability to inject arbitrary web script or HTML to execute client-side co...
Fastspot BigTree Cross-Site Scripting Vulnerability
Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL from Fastspot Inc. in the United States. A cross-site scripting vulnerability exists in BigTree CMS version 4.4.10 and prior versions that allows an authenticated attacker to update the site's index.php...
The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.
The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...
CMS Made Simple Cross-Site Scripting Vulnerability
CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...
CVE-2020-26642
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML...
Cross site scripting
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...
Cross-site Scripting in OpenNMS Horizon
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since ther...
Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected XSS (cisco-sa-asa-rxss-L54Htxp)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...
CVE-2021-20725
Reflected cross-site scripting vulnerability in the admin page of Calendar01 free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...