
1052 matches found

CNNVD
added 2022/09/08 12:0 a.m. | 3 views

TastyIgniter Cross-Site Scripting Vulnerability

TastyIgniter is a free and open source online ordering software based on the Laravel PHP Framework, designed to allow developers and restaurateurs to enjoy life. A security vulnerability exists in TastyIgniter version v3.5.0. An attacker can exploit this vulnerability to execute arbitrary web...

5.4 CVSS | 6.2 AI score | 0.00421 EPSS
Exploits: 0 | References: 2

NVD
added 2022/09/06 6:15 p.m. | 9 views

CVE-2022-2935

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4 CVSS | 0.00162 EPSS
Exploits: 0 | References: 2

Veracode
added 2022/08/25 7:3 a.m. | 23 views

Cross-Site Scripting (XSS)

exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts...

5.4 CVSS | 6.9 AI score | 0.00369 EPSS
Exploits: 0 | References: 8 | Affected Software: 2

CNNVD
added 2022/08/23 12:0 a.m. | 2 views

PukiWiki Cross-Site Scripting Vulnerability

PukiWiki is a set of Wiki software by Lindsay's personal developer. A security vulnerability exists in PukiWiki versions 1.3.1 through 1.5.3. A remote attacker can exploit this vulnerability to inject arbitrary scripts via unspecified vectors...

6.1 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits: 0 | References: 4

OSV
added 2022/08/10 8:15 p.m. | 1 views

CVE-2022-35509

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...

5.4 CVSS | 6 AI score
Exploits: 0 | References: 1

NVD
added 2022/07/26 10:15 p.m. | 18 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

6.1 CVSS | 0.00229 EPSS
Exploits: 1 | References: 3

NVD
added 2022/07/14 3:15 p.m. | 11 views

CVE-2022-32225

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System...

6.1 CVSS | 0.00648 EPSS
Exploits: 0 | References: 1

Veeam
added 2022/07/12 12:0 a.m. | 19 views

XSS Vulnerability in Veeam Management Pack for Microsoft System Center v8

Vulnerability Details A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack...

6.1 CVSS | 6 AI score | 0.00648 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2022/07/05 6:15 p.m. | 1 views

CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors...

5.4 CVSS | 6.2 AI score | 0.00187 EPSS
Exploits: 2 | References: 3

OSV
added 2022/07/04 7:15 a.m. | 2 views

CVE-2022-29513

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script...

4.8 CVSS | 6.2 AI score | 0.00175 EPSS
Exploits: 0 | References: 2

Prion
added 2022/07/04 7:15 a.m. | 16 views

Cross site scripting

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...

4.3 CVSS | 6.5 AI score | 0.00332 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2022/06/20 12:0 a.m. | 15 views

Cisco Catalyst 2940 Series Cross-Site Scripting Vulnerability

Cisco Catalyst is a series of switches from Cisco, Inc. A cross-site scripting vulnerability exists in the Cisco Catalyst 2940 Series, which stems from a failure to properly process user input and generate an error page that could be exploited by an attacker to execute arbitrary scripts on the we...

6.1 CVSS | 2.6 AI score | 0.00779 EPSS
Exploits: 0 | References: 1

OSV
added 2022/06/13 1:15 p.m. | 3 views

CVE-2022-1822

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1 CVSS | 5.9 AI score | 0.02212 EPSS
Exploits: 0 | References: 4

CNNVD
added 2022/05/19 12:0 a.m. | 2 views

SPIP Cross-Site Scripting Vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP version 3.1.13 and prior versions, which originates in /spip.php. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use...

6.1 CVSS | 5.6 AI score | 0.02459 EPSS
Exploits: 1 | References: 7

OSV
added 2022/05/03 8:15 p.m. | 2 views

CVE-2022-27330

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?addproduct of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field...

5.4 CVSS | 5.9 AI score | 0.00206 EPSS
Exploits: 1 | References: 1

OSV
added 2022/05/02 11:15 p.m. | 2 views

CVE-2020-23617

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

6.1 CVSS | 6.1 AI score
Exploits: 0 | References: 2

Veracode
added 2022/04/29 6:44 a.m. | 23 views

Cross-Site Scripting (XSS)

shopware/shopware is vulnerable to non-stored cross-site scripting. The vulnerability exists in storefront because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts via url...

6.1 CVSS | 5.8 AI score | 0.00397 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2022/04/26 4:35 a.m. | 24 views

Cross-Site Scripting (XSS)

facturascripts/facturascripts is vulnerable to stored cross-site scripting. The vulnerability exists in EditPageOption.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...

5.4 CVSS | 3 AI score | 0.00374 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2022/04/22 7:49 a.m. | 25 views

Cross-site Scripting (XSS)

antisamy is vulnerable to cross-site scripting. The vulnerability exists in the processStyleTag function in AntiSamyDOMScanner.java due to lack of input sanitization which allows an attacker to inject and execute arbitrary scripts...

6.1 CVSS | 3.3 AI score | 0.00243 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

ATTACKERKB
added 2022/04/10 9:15 p.m. | 1 views

CVE-2022-27961

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

5.4 CVSS | 6.3 AI score | 0.00191 EPSS
Exploits: 1 | References: 2