197 matches found
Travelmate Travelable Trek Management Solution cross-site scripting vulnerability
Travelmate Travelable Trek Management Solution is a business travel software from Travelmate, Inc. A cross-site scripting vulnerability exists in version 1.0 of Travelmate Travelable Trek Management Solution, which originates from an unknown function in the component Comment Box Handler that caus...
Cross-Site Scripting (XSS)
github.com/mlogclub/bbs-go is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser via a crafted payload to the comment...
CVE-2023-36222
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...
Cross site scripting
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function...
bbs-go cross-site scripting vulnerability
bbs-go is an open source community system built using the Go language by mlogclub open source. A cross-site scripting vulnerability exists in mlogclub bbs-go v. 3.5.5, which stems from a vulnerability that allows a remote attacker to execute arbitrary code via a crafted payload on the comment...
CVE-2023-1602
The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment...
typecho cross-site scripting vulnerability
typecho is a PHP blogging platform for typecho individual developers. It is simple and powerful. A security vulnerability exists in typecho v1.2.0, which can be exploited by an attacker to execute arbitrary web script or HTML using a crafted payload via the url parameter in...
CVE-2020-20521
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...
Cross site scripting
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...
KiteCMS cross-site scripting vulnerability
KiteCMS is a website CMS. A security vulnerability exists in KiteCMS v.1.1. An attacker exploited the vulnerability to execute arbitrary code via the comment parameter...
CVE-2020-20521
CVE-2020-20521 is a Cross Site Scripting vulnerability in KiteCMS v1.1 that enables a remote attacker to execute arbitrary code via the comment parameter. The CVSS v3.1 base score is 6.1 (Medium); attack vector Network, user interaction Required, with a Changed scope and Confidentiality/Integrity...
PT-2023-11554 · Kitecms · Kitecms
Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the comment parameter. Recommendations: For KiteCMS version 1.1, avoid using the comment parameter until a fix is available. ...
CVE-2022-34133
Jorani v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the Comment parameter at application/controllers/Leaves.php...
CVE-2022-34133
Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the Comment parameter at application/controllers/Leaves.php...