536 matches found
U.S. Dept Of Defense: XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags
Hi team, I found an Iframe injection issue where I chained it and formed an XSS. I found the issue in the text editor area while ███████ing the account. There is a place in the registration area where we have to give a reason for █████████. We can write our reason and edit to show more beautiful...
Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...
Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
The plugins have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “titletag” parameter. Although the element control lists a fixed set of possible HTML tags, it is possib...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs
Impact The Nextcloud dialogs library before 3.1.2 did insufficiently escape text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. Note: Nextcloud Server employs a strict Content Security Policy that mitigates the risk o...
Froala 3.2.6-1 Cross Site Scripting Vulnerability
Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...
VulnCheck KEV: CVE-2020-11023
jQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, jQuery's DOM manipulators can execute untrusted code in the context of the user's browser...
Dundas BI server cross-site scripting vulnerability
Dundas BI server is a web-based server application. A cross-site scripting vulnerability exists in Dundas BI version 8.0.0.1001 and prior versions, which stems from allowing XSS attacks via HTML tags when creating or editing dashboards. No detailed vulnerability details are currently available...
CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for HTML tags to be added...
Format string
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for HTML tags to be added...
UBUNTU-CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for HTML tags to be added...
CVE-2020-13321
Removed by vendor...
CVE-2020-13321
CVE-2020-13321 affects GitLab versions prior to 13.1 where username format restrictions can be bypassed, allowing HTML tags to be added. This is caused by insufficient validation of usernames, per multiple connected sources. Impact is partial confidentiality/integrity exposure as per CVSS metrics...
PT-2020-13462 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1 Description: A vulnerability was discovered that allows username format restrictions to be bypassed, enabling the addition of HTML tags. Recommendations: For versions prior to 13.1, update to version 13.1 or late...
CVE-2020-12815
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script-related HTML tags via IPv4/IPv6 address fields...
Cross site scripting
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross-site scripting (XSS) via the Identify Provider name field...
Input validation
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors...
CVE-2020-12811
Fortinet FortiManager 6.2.0/6.2.1/6.2.2/6.2.3 and FortiAnalyzer 6.2.0/6.2.1/6.2.2/6.2.3 are affected by CVE-2020-12811 due to improper neutralization of script-related HTML tags, enabling cross-site scripting via the Identify Provider name field. Root cause: script tags not correctly sanitized in...