59 matches found

Cvelist
added 2024/03/29 3:0 p.m. · 16 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

8.8 CVSS · 8.9 AI score · 0.00129 EPSS
Exploits 0 · References 1
OSV
added 2024/03/29 3:0 p.m. · 1 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

8.8 CVSS · 7.2 AI score · 0.00129 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-23113 · Datalens · Datalens

Name of the Vulnerable Software and Affected Versions: DataLens versions prior to 0.1449.0 Description: A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent...

8.8 CVSS · 7 AI score · 0.00129 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/01/11 12:0 a.m. · 2 views

PT-2024-15041 · WordPress · The Post Grid Combo – 36+ Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress versions up to, and including, 2.2.64 Description: The issue is related to Stored Cross-Site Scripting via the custom JS parameter due to insufficient input sanitization and outp...

6.4 CVSS · 5.7 AI score · 0.00286 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/11/07 12:0 a.m. · 6 views

PT-2023-8835

Name of the Vulnerable Software and Affected Versions: Popup Builder WordPress plugin versions prior to 4.2.3 Description: The issue allows simple visitors to update existing popups and inject raw JavaScript, leading to Stored XSS attacks. This could enable attackers to conduct cross-site scripti...

6.4 CVSS · 7.1 AI score · 0.69124 EPSS
Exploits 4 · References 35
0day.today
added 2022/06/27 12:0 a.m. · 271 views

WSO2 Management Console (Multiple Products) - Unauthenticated Reflected XSS Exploit

Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/, Enterprise Integrator...

6.1 CVSS · 0.3 AI score · 0.76361 EPSS
Exploits 5
Prion
added 2022/05/27 2:15 p.m. · 33 views

Cross site scripting

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom...

3.5 CVSS · 4.8 AI score · 0.00161 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/03/07 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress White Label CMS Plugin versions prior to 2.2.9, which...

6.1 CVSS · 5.7 AI score · 0.08413 EPSS
Exploits 2 · References 3
Huntr
added 2021/09/06 1:20 p.m. · 13 views

Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver

✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️‍♂️ Proof of Concept " In the app, settings try editing already included product. drop the payload in the Buy Button Text and save it hence the payload will be triggered. 💥 Impact Execution of...

4.3 CVSS · 0.3 AI score · 0.00218 EPSS
Exploits 1
OpenVAS
added 2020/08/05 12:0 a.m. · 12 views

WordPress TC Custom JavaScript Plugin < 1.2.2 XSS Vulnerability

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1 CVSS · 7 AI score · 0.00604 EPSS
Exploits 1 · References 2
OSV
added 2020/07/21 6:15 p.m. · 0 views

CVE-2020-14063

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 2
Prion
added 2020/07/21 6:15 p.m. · 11 views

Cross site scripting

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

4.3 CVSS · 6 AI score · 0.00604 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2020/07/21 5:12 p.m. · 34 views

CVE-2020-14063

CVE-2020-14063 affects the WordPress TC Custom JavaScript plugin prior to 1.2.2. The vulnerability is a stored XSS in the tccj-content parameter that is displayed in the page footer and executed in visitors’ browsers. It allows unauthenticated remote attackers to inject arbitrary JavaScript. The ...

6.1 CVSS · 6 AI score · 0.00604 EPSS
Exploits 1 · References 2 · Affected Software 1
Patchstack
added 2020/07/21 12:0 a.m. · 16 views

WordPress TC Custom JavaScript plugin <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WordFence in WordPress TC Custom JavaScript plugin versions <= 1.2.1. Solution: Update the WordPress TC Custom JavaScript plugin to the latest available version (at least 1.2.2)...

6.1 CVSS · 1.8 AI score · 0.00604 EPSS
Exploits 1 · References 3 · Affected Software 1
The Hacker News
added 2018/05/09 1:1 p.m. · 1 views

Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?

Shortly after Microsoft announced support for custom JavaScript functions in Excel, someone demonstrated what could possibly go wrong if this feature is abused for malicious purposes. As promised last year at Microsoft's Ignite 2017 conference, the company has now brought custom JavaScript...

7.1 AI score
Exploits 0
CNVD
added 2015/04/14 12:0 a.m. · 1 views

MediaWiki cross-site scripting vulnerability (CNVD-2015-02415)

MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a custom JavaScript file...

4.3 CVSS · 5.9 AI score · 0.00281 EPSS
Exploits 0 · References 1
OSV
added 2015/04/13 2:59 p.m. · 1 views

DEBIAN-CVE-2015-2938

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...

4.3 CVSS · 5.7 AI score · 0.00281 EPSS
Exploits 0 · References 1
OSV
added 2015/04/13 2:59 p.m. · 2 views

UBUNTU-CVE-2015-2938

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...

4.3 CVSS · 5.9 AI score · 0.00281 EPSS
Exploits 0 · References 4
0day.today
added 2015/02/15 12:0 a.m. · 46 views

Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection Exploit

This module exploits a universal cross-site scripting UXSS vulnerability found in Internet Explorer 10 and 11. By default, you will steal the cookie from TARGETURI which cannot have X-Frame-Options or it will fail. You can also have your own custom JavaScript by setting the CUSTOMJS option. Lastl...

4.3 CVSS · 5.8 AI score · 0.88552 EPSS
Exploits 5