165 matches found
CVE-2024-12240
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin iChart 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-35185 · Unknown · Forex Signals
Name of the Vulnerable Software and Affected Versions: Provide Forex Signals versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can inject...
CVE-2024-8052
The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5001
The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id', 'oxiaddonsftitletag', and 'contentdescriptiontag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and outpu...
RHEL 7 : rest (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
PT-2024-18032 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the modal popup widget's effect setting due to insufficient input sanitization and outpu...
BIT-GITLAB-2021-22227
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it...
Vulnerabilities fixed in IBM Qradar
IBM has fixed vulnerabilities in Qradar and underlying components such as SIEM, Wincollect and Case Manager. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS...
CodeAstro Internet Banking System Cross-Site Scripting Vulnerability
CodeAstro Internet Banking System is a PHP online banking system from CodeAstro. A cross-site scripting vulnerability exists in CodeAstro Internet Banking System version 1.0, which stems from the parameter Client Full Name in the file pagesclientsignup.php that can lead to cross-site scripting...
CVE-2023-4783
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
torarica.com Cross Site Scripting vulnerability OBB-3277599
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-16874 · Unknown · Sourcecodester File Tracker Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester File Tracker Manager System version 1.0 Description: A problematic issue was found in the SourceCodester File Tracker Manager System, affecting an unknown part of the file normal/borrow1.php. The manipulation of the id argument...
Nortek Control Linear eMerge E3-Series 跨站脚本漏洞
The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in several versions of the Nortek Control Linear eMerge...
PT-2022-22113 · Yii2 Gii · Yii2 Gii
Name of the Vulnerable Software and Affected Versions: Yii2 Gii versions through 2.2.4 Description: The issue allows stored XSS by injecting a payload into any field. Some fields, such as Message Category in Model Generator, CRUD Generator or Form Generator, and Author Name in Extension Generator...
The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2022-3824
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Bodhi 跨站脚本漏洞
Bodhi is a web-based system used to manage the software update release process for Fedora. A security vulnerability exists in Bodhi version 5.6.1, which can be exploited by an attacker to perform cross-site scripting attacks...
USN-5585-1 jupyter-notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...