Lucene search
K

106 matches found

OSV
OSV
added 2022/12/15 12:0 a.m.17 views

CVE-2022-40002

Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...

5.4CVSS5.3AI score0.00506EPSS
Exploits1References3
CVE
CVE
added 2022/12/15 12:0 a.m.76 views

CVE-2022-40002

FeehiCMS 2.1.1 is affected. The vulnerability allows an attacker to execute arbitrary scripts via the callback parameter to the /cms/notify API, leading to XSS and potential browser-based actions. Root cause: unvalidated callback handling in the notify endpoint. Affected component: FeehiCMS-2.1.1...

5.4CVSS5.3AI score0.00506EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/15 12:0 a.m.6 views

CVE-2022-40002

Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...

5.3AI score0.00506EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.4 views

apinto-dashboard 跨站脚本漏洞

apinto-dashboard is a visual UI project open source by eolinker. apinto-dashboard has a security vulnerability , the vulnerability stems from some unknown features of the login , the operation of the parameter callback leads to cross-site scripting...

6.1CVSS5.8AI score0.00584EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.5 views

PT-2022-24174 · Unknown · Eolinker Apinto-Dashboard

Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard affected versions not specified Description: A problematic issue has been found, affecting an unknown function of the file /login. The manipulation of the callback argument leads to cross-site scripting. It is possib...

6.1CVSS5.9AI score0.00584EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.4 views

PT-2022-24167 · Eolinker · Eolinker Apinto-Dashboard

Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard affected versions not specified Description: A problematic issue affects the processing of the file /login, where the manipulation of the callback argument leads to an open redirect. This issue can be initiated...

6.3CVSS6.1AI score0.00428EPSS
Exploits1References4
OSV
OSV
added 2022/05/17 1:59 a.m.17 views

GHSA-PCHF-755W-JJ6V QooxDoo XSS in Callback Parameter

Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...

4.3CVSS5.7AI score0.02608EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/17 1:59 a.m.15 views

QooxDoo XSS in Callback Parameter

Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...

4.3CVSS6.2AI score0.02608EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2022/04/18 6:15 p.m.26 views

CVE-2022-1020

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

9.8CVSS0.26586EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/02/14 12:15 p.m.5 views

CVE-2022-0212

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.02291EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2022/01/13 12:0 a.m.19 views

SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...

6.1CVSS2.5AI score0.02291EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.8 views

WSO2 Identity Server 跨站脚本漏洞

WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server, which stems from the fact that in WSO2 Identity Server 5.7.0, a dom-based XSS attack can be executed that affects the callback parameter modifying the callback parameter before t...

6.1CVSS5.5AI score0.00723EPSS
Exploits0References2
OSV
OSV
added 2021/11/05 3:15 p.m.3 views

CVE-2021-39412

Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...

6.1CVSS5.8AI score0.00562EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/05 2:43 p.m.28 views

CVE-2021-39412

Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...

6.3AI score0.00562EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/04/13 3:25 p.m.45 views

Cross-site scripting in SocksJS-node

htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...

6.1CVSS5.8AI score0.01886EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/04/13 3:25 p.m.24 views

GHSA-HH8V-JMH3-9437 Cross-site scripting in SocksJS-node

htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...

6.1CVSS5.8AI score0.01886EPSS
Exploits1References6
Hacker One
Hacker One
added 2021/04/03 4:27 a.m.13 views

MTN Group: Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via `callback` parameter

The vulnerability was a reflected cross-site scripting XSS found on the website http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via the "callback" parameter. The vulnerability allowed the execution of arbitrary JavaScript code...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2020/10/28 12:0 a.m.29 views

Greenmart < 2.4.3 - Reflected Cross-Site Scripting (XSS)

The greenmartautocompletesearch AJAX action, available to both authenticated and unauthenticated users does not properly sanitise the callback parameter passed to it, resulting in a reflected Cross-Site Scripting issue. Edit WPScanTeam: The vendor 'fixed' the issue for authenticated users by addi...

4.3CVSS1.3AI score0.00923EPSS
Exploits3References2
GithubExploit
GithubExploit
added 2020/10/09 1:13 p.m.79 views

Exploit for Code Injection in Nette Application

CVE-2020-15227 ============== DISCLAIMER! I take no responsibil...

9.8CVSS9.1AI score0.35228EPSS
Exploits3
CNVD
CNVD
added 2018/09/18 12:0 a.m.5 views

CQU-LANKERS Cross-Site Scripting Vulnerability

CQU-LANKERS is a system of university community services. A cross-site scripting vulnerability exists in the public/api.php file in CQU-LANKERS 2017-11-02 and earlier versions, which can be exploited by remote attackers to bypass the Web Application Protection System with the help of the 'callbac...

6.1CVSS6AI score0.00648EPSS
Exploits1References1
Rows per page
Query Builder