Remote File Inclusion

cakephp/cakephp is vulnerable to Remote File Inclusion. The vulnerability is due to the getViewFileName function in View.php which allows an attacker to execute arbitrary scripts outside the view path by manipulating view template filenames...

Cross site scripting

A stored cross-site scripting XSS vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent...

Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper user input sanitization in add.php which allows an attacker to inject and execute arbitrary scripts...

CVE-2022-46968

A stored cross-site scripting XSS vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper user input sanitization in record.comments.php which allows an attacker to inject and execute arbitrary scripts...

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site-Scripting XSS. The vulnerability exists in the generateLayoutTreeFromArray function in Service.php because the title field is not validated which allows an attacker to inject and execute arbitrary scripts...

Cross-Site Scripting (XSS)

iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt function of timedtext.php in the timedtext controller which allows an attacker to inject and execute arbitrary scripts...

MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. PoC 1. Open a WP page with the plugin and Google analytics installed and search for...

CVE-2022-40841

A cross-site scripting XSS vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field...

CVE-2022-45769

A cross-site scripting XSS vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...

CVE-2022-44953

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...

CVE-2022-44959

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

CVE-2022-45214

A cross-site scripting XSS vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php...

CVE-2022-45038

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field...

CVE-2022-45040

A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...

CVE-2022-43143

A cross-site scripting XSS vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container...

CVE-2022-45015

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...

CVE-2022-43142

A cross-site scripting XSS vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...

Ricoh IPSiO SP 4210 跨站脚本漏洞

The Ricoh IPSiO SP 4210 is a laser printer from Ricoh Japan. A security vulnerability exists in the Ricoh IPSiO SP 4210, which can be exploited by an attacker to execute arbitrary scripts on the web browser of a user who logs into the product with administrative privileges...