85 matches found
Cross-site Scripting (XSS)
xwiki-commons is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary script via an SVG document submitted to the upload feature of the comment section...
GHSA-43HG-G44Q-474Q Cross Site Scripting (XSS) in XWiki
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
Cross Site Scripting (XSS) in XWiki
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3137
CVE-2021-3137 affects XWiki 12.10.2, enabling XSS via an SVG document uploaded to the comment feature. Root cause: insecure handling of SVG uploads leading to script injection. Impact: cross-site scripting in affected deployments. Mitigation: vendor fix (VendorFix) referenced by OpenVAS entries; ...
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
Exploit Title: Xwiki CMS 12.10.2 - Cross Site Scripting XSS Date: 17-01-2021 Exploit Author: Karan Keswani Vendor Homepage: https://www.xwiki.org/xwiki/bin/view/Main/WebHome Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: Xwiki CMS- 12.10.2 Tested on: Windows 10 Description...
Xwiki CMS 12.10.2 Cross Site Scripting
Exploit Title: Xwiki CMS 12.10.2 - Cross Site Scripting XSS Date: 17-01-2021 Exploit Author: Karan Keswani Vendor Homepage: https://www.xwiki.org/xwiki/bin/view/Main/WebHome Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: Xwiki CMS- 12.10.2 Tested on: Windows 10 Description...
Ueeshop comment section has XSS vulnerability
Ueeshop is a platform for building cross-border, independent e-commerce websites. The Ueeshop comment area has an XSS vulnerability that attackers can use to implant malicious JS code, for example to steal cookies, plant web trojans, and perform other operations...
CVE-2020-13325
A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service...
Code injection
A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service...
CVE-2020-13325
Removed by vendor...
Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was patched in version 3.8.1 of the theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" Add a...
InoERP 0.7.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CV...
InoERP 0.7.2 - Persistent Cross-Site Scripting
InoERP 0.7.2 - Persistent Cross-Site Scripting Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kal...
InoERP 0.7.2 Cross Site Scripting
Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...
InoERP 0.7.2 - Persistent Cross-Site Scripting
Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...
Unspecified Vulnerability in GitLab (CNVD-2020-22023)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...
ExpressionEngine: Open Redirect in comment section
@winst0n13 discovered that the URL you are redirected to after successfully submitting a comment could be modified in certain circumstances. @winst0n13 gave a detailed report with step-by-step instructions for replicating, enabling a speedy resolution to the issue...