18 matches found
CVE-2021-47955
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which...
CVE-2021-47955
CVE-2021-47955 affects CouchCMS 2.2.1 and describes a cross-site scripting vulnerability via SVG file uploads. An authenticated attacker can upload SVG files containing embedded script tags through the file upload functionality, which are then executed in other users’ browsers when the files are ...
CVE-2021-47955 CouchCMS 2.2.1 Cross-Site Scripting via SVG File Upload
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which...
PT-2026-41452
Name of the Vulnerable Software and Affected Versions: CouchCMS version 2.2.1. Description: Authenticated attackers can execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. This occurs when SVG files containing embedded script tags are uploaded to the...
CVE-2026-7308
CVE-2026-7308 (Nexus Repository): An authenticated user with upload permissions can store content that triggers arbitrary JavaScript in the browser of any user visiting the repository HTML index page, in Nexus Repository versions 3.6.0–3.91.x (3.92.0 fixes this). The attack is a stored XSS on t...
CVE-2026-7308 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) via HTML Browse Page
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 up to, but not including, 3.92.0. Th...
Linux Distros Unpatched Vulnerability : CVE-2022-40315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A limited SQL injection risk was identified in the browse list of users site administration page. (CVE-2022-40315) Note that Nessus relies on the presence of the...
jonnys Liquor browse.php file SQL injection vulnerability
jonnys Liquor is a content and management system. jonnys Liquor suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /browse.php. An attacker can exploit this vulnerability to execute illeg...
CVE-2023-43481
An issue in Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser 6.65.022dab24cc6231221gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component...
TCL BrowseHere Security Breach
Tcl Communication TCL BrowseHere is a video playback browser with a sophisticated interface from TCL Communication China. A security vulnerability exists in TCL BrowseHere version 6.65.022dab24cc6231221gp, which originates from a vulnerability that allows remote attackers to execute arbitrary...
rottentomatoes.com XSS vulnerability
Vulnerable URL: https://www.rottentomatoes.com/browse/dvd-streaming-all/?services=...
SQL Injection Vulnerability in UReader Digital Library System browse.php Page
UReader Digital Library is a comprehensive platform for providing e-books in original foreign languages. A SQL injection vulnerability exists in the UReader Digital Library browse.php page. The vulnerability is caused by not filtering the 'catid' parameter effectively, whi...
sevensupergirls.brownpapertickets.com XSS vulnerability
Vulnerable URL: http://sevensupergirls.brownpapertickets.com/browse.html

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check...|

phe-culturecollections.org.uk XSS vulnerability
Vulnerable URL: https://www.phe-culturecollections.org.uk/products/bacteria/browse.jsp?level=1&val1;=Achromobacter%20xylosoxidans%20subsp.%20xylosoxidans=1%22--%3E%3Csvg/onload=;prompt/OPENBUGBOUNTY/;%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017...

mediatheque.mc XSS vulnerability
Vulnerable URL: http://www.mediatheque.mc/in/faces/browse.xhtml?profile=%3C/title%3E%3C/script/%27-alert%280%29-%27%22-%22--%3E%3Cimg/onerror=%22;alert%28/OPENBUGBOUNTY/%29;%22src=1%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS...

shopstyle.com XSS vulnerability
Vulnerable URL: http://www.shopstyle.com/browse?fts="...
CVE-2014-8958
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...
Unfixed XSS vulnerability at www.muslima.com
Security researcher TurKPoweR has submitted on 13/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.muslima.com, which at the time of submission ranked 8354 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2008. It is current...