135 matches found
CVE-2020-29572
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...
Design/Logic Flaw
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...
CVE-2020-29572
CVE-2020-29572 affects MISP 2.4.135, with a cross-site scripting vulnerability in the file app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp via the authkey comment field. The root cause is unsanitized input leading to XSS in the template rendering, enabling arbitrary script e...
Shopify: damage to the timeline so that comment fields cannot be displayed or not available to all members in the store
see https://a-alert-b-y000-b-finda.myshopify.com/admin/discounts/416981811222 I tried to make a discount code with a product name and a discount code like: ± ± when I havehtag the product name on the timeline comment and I get a "server error" reply and it causes crashes to the timeline, so...
CVE-2019-19500
CVE-2019-19500 affects Matrix42 Workspace Management 9.1.2.2765 and earlier. The vulnerability is a stored XSS in unfiltered description parameters of the WEB application (e.g., the comment field of a special software order). Root cause: lack of proper validation of client‑side data by the applic...
CVE-2017-18215
The CVE-2017-18215 entry concerns the image tool xv, version 3.10a. Affected component: xvpng.c in xv 3.10a. Root cause: memory corruption (out-of-bounds write) when decoding PNG comment fields due to an incorrect length value. Impact: potential crashes or code execution as stated in the sources....
PHP Scripts Mall Multi Language Olx Clone Script Cross Site Scripting Vulnerability
PHP Scripts Mall Multi Language Olx Clone Script is a set of PHP based scripts for multilingual information publishing websites from PHP Scripts Mall, India. A cross-site scripting vulnerability exists in PHP Scripts Mall Multi Language Olx Clone Script version 2.0.6. A remote attacker can exploi...
CVE-2018-6845
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field...
CVE-2018-6845
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field...
CVE-2018-6845
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field...
Paragon Initiative Enterprises: Airship: Persistent XSS via Comment
Affected: Airship 2.0.0 commit 15bdc0d CVSS ---- Medium 6.1 https://www.first.org/cvss/calculator/3.0CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Description ----------- The "name" field of a comment on a blog post is vulnerable to persistent XSS. When replying to a comment, the comment name is...
Wordpress Stored Cross-Site Scripting Zero Day Vulnerability
WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Juoko Pynnonen of...
Cross site scripting
Cross-site scripting XSS vulnerability in Liferay Portal Enterprise Edition EE 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the 20body parameter in the comment field in an uploaded file...
Live Comment Preview 2.0.2 - Comment Field Preview XSS
The live-comment-preview WordPress plugin was affected by a Comment Field Preview XSS security vulnerability...
Hiox Guest Book 5.0 Cross Site Scripting
Exploit Title : HIOX GUEST BOOK 5.0 HGB-5.0 Cross Site Scripting Author : JoKeRStEx Tested On : Windows Download Software Link : www.hscripts.com/scripts/php/downloads/HGB.zip Date : 03/01/2014 + P.O.C prompt'JoKeRStEx'" prompt'xss email'" prompt'xss comment'" + For test The Exploit Example...
CVE-2013-5690
Multiple cross-site scripting XSS vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 content with the text/xml MIME type or 2 the Status comment field of an appointment...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 content with the text/xml MIME type or 2 the Status comment field of an appointment...
Comment field on GH cards do not respect the comment visibility.
If you add the Comment field on any Issue Views on GH the field shows the latest comment but it doesn't inherit the comment visibility from Jira. This misbehaviour happens on Planning board and Task board with any GH views Summaries, Cards and Lists. Steps to Reproduce: Add the comment field to a...
Comment field on GH cards do not respect the comment visibility.
If you add the Comment field on any Issue Views on GH the field shows the latest comment but it doesn't inherit the comment visibility from Jira. This misbehaviour happens on Planning board and Task board with any GH views Summaries, Cards and Lists. Steps to Reproduce: Add the comment field to a...
Cross site scripting
Cross-site scripting XSS vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...