106 matches found
CVE-2022-40002
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...
CVE-2022-40002
FeehiCMS 2.1.1 is affected. The vulnerability allows an attacker to execute arbitrary scripts via the callback parameter to the /cms/notify API, leading to XSS and potential browser-based actions. Root cause: unvalidated callback handling in the notify endpoint. Affected component: FeehiCMS-2.1.1...
CVE-2022-40002
Cross Site Scripting XSS vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify...
apinto-dashboard 跨站脚本漏洞
apinto-dashboard is a visual UI project open source by eolinker. apinto-dashboard has a security vulnerability , the vulnerability stems from some unknown features of the login , the operation of the parameter callback leads to cross-site scripting...
PT-2022-24174 · Unknown · Eolinker Apinto-Dashboard
Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard affected versions not specified Description: A problematic issue has been found, affecting an unknown function of the file /login. The manipulation of the callback argument leads to cross-site scripting. It is possib...
PT-2022-24167 · Eolinker · Eolinker Apinto-Dashboard
Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard affected versions not specified Description: A problematic issue affects the processing of the file /login, where the manipulation of the callback argument leads to an open redirect. This issue can be initiated...
GHSA-PCHF-755W-JJ6V QooxDoo XSS in Callback Parameter
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
QooxDoo XSS in Callback Parameter
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
CVE-2022-1020
The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...
CVE-2022-0212
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...
WSO2 Identity Server 跨站脚本漏洞
WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server, which stems from the fact that in WSO2 Identity Server 5.7.0, a dom-based XSS attack can be executed that affects the callback parameter modifying the callback parameter before t...
CVE-2021-39412
Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...
CVE-2021-39412
Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...
Cross-site scripting in SocksJS-node
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...
GHSA-HH8V-JMH3-9437 Cross-site scripting in SocksJS-node
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...
MTN Group: Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via `callback` parameter
The vulnerability was a reflected cross-site scripting XSS found on the website http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via the "callback" parameter. The vulnerability allowed the execution of arbitrary JavaScript code...
Greenmart < 2.4.3 - Reflected Cross-Site Scripting (XSS)
The greenmartautocompletesearch AJAX action, available to both authenticated and unauthenticated users does not properly sanitise the callback parameter passed to it, resulting in a reflected Cross-Site Scripting issue. Edit WPScanTeam: The vendor 'fixed' the issue for authenticated users by addi...
Exploit for Code Injection in Nette Application
CVE-2020-15227 ============== DISCLAIMER! I take no responsibil...
CQU-LANKERS Cross-Site Scripting Vulnerability
CQU-LANKERS is a system of university community services. A cross-site scripting vulnerability exists in the public/api.php file in CQU-LANKERS 2017-11-02 and earlier versions, which can be exploited by remote attackers to bypass the Web Application Protection System with the help of the 'callbac...