CVE-2024-6704 Comments – wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing...
CVE-2021-4227
The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...
CVE-2021-4227
The ark-commenteditor WordPress plugin (versions
CVE-2023-30948
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover its conten...
Palantir Foundry security vulnerability
Palantir Foundry is a business process management platform from U.S.-based Palantir, Inc. A security vulnerability exists in Palantir Foundry versions prior to 2.249.0, which stems from a security flaw in the commenting functionality that can be exploited by an attacker to inject an attachment UU...
Markdown injection into github comment
Description Users can donate for builds by tipping [email protected]. There's a github action that will thank the user in a comment. The name is not sanitized and by using one such as the following, attackers can inject their own markdown into the comment. foo The "" breaks out of the context,...
CVE-2022-27961
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...
Zhongtian Network Technology OFCMS cross-site scripting vulnerability
Zhongtian Network Technology OFCMS is a content management system (CMS) developed in Java by China Zhongtian Network Technology Company. A security vulnerability exists in OFCMS v1.1.4, which allows attackers to execute arbitrary web script or HTML by injecting an attack payload into a...
Cross-site Scripting (XSS)
ckeditor4 is vulnerable to cross-site scripting. An attacker is able to inject malicious script via the comment because --! is not handled...
dotCMS cross-site scripting vulnerability (CNVD-2021-39519)
dotCMS is a content management system (CMS) from the American company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features on. A cross-site scripting vulnerability exists in dotCMS v5.1.5, which can be exploited by a remote...
CVE-2020-26225
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post...
Multi Language Olx Clone Script - Cross-Site Scripting
Exploit Title: Multi Language Olx Clone Script - Stored XSS Date: 08.02.2018 Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web Application Version:2.0.6 Tested on: Windows 7 CVE: NA...
CVE-2015-7324
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment...
BlogoText 'markup_clean_href' function cross-site scripting vulnerability
BlogoText is a lightweight SQLite blogging engine. A cross-site scripting vulnerability exists in the 'markup_clean_href' function in the inc/conv.php file in BlogoText 3.7.6 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code with the help of ...
CVE-2017-14957
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...
CVE-2015-5399
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment...
CVE-2016-5704
Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...
Serendipity 2.0.1 Cross Site Scripting
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...
DEBIAN-CVE-2015-3438
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted...