289 matches found
Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Photo Gallery by Supsystic < 1.15.6 - Arbitrary Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
The plugin does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...
Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check when updating its settings, and does not sanitise and escape them when outputting them back. This could allow attackers to make a logged-in admin update them to arbitrary values, including XSS payloads, via a CSRF attack...
Country Selector < 1.6.6 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting...
Web Site Accepts Credit Card Data
The remote web server contains at least one HTML form field that has an input of type 'cc-number' or similar. While this does not represent a risk to this web server per se, it does mean that the website may be accepting payment information...
ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting
The plugin does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings ...
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in...
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting...
LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the rulloginurl and rullogouturl parameters before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-41156
anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses a browser_today hidden control on a few pages to collect today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...
CVE-2021-41156
The CVE-2021-41156 issue affects anuko/timetracker (Time Tracker). In versions prior to 1.19.30.5601, a browser_today hidden control exposes the user’s date and can be exploited by crafting a malicious HTML form to trigger attacker-supplied JavaScript in the user’s browser via social engineering....
DRK Odenwaldkreis Testerfassung Cross-Site Scripting Vulnerability
DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and recording rapid test results for corona antigens. A cross-site scripting vulnerability exists in DRK Odenwaldkreis Testerfassung March-2021, which can be exploited by attackers to inject arbitrary web script or HTML via a...
CVE-2021-35061
Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...
CVE-2021-35061
The CVE-2021-35061 issue concerns DRK Odenwaldkreis Testerfassung March-2021, with multiple XSS vulnerabilities. The vulnerability type is cross-site scripting, allowing remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields across all components. Root caus...
in froxlor/froxlor
Description: The login form POST request can be hijacked so that the credentials will be sent to an external website, by modifying the login page URL. Proof of Concept: Change the login page URL to https://mydomain.com/index.php/evilsite.com Then the form action in the webpage will be...
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Impact: Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches: Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References: OWASP Page on Restricting Form Submissions. For more information: If you have...
CBX Bookmark & Favorite < 1.6.9 - Reflected Cross-Site Scripting
The plugin does not escape a page parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-32797 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html <form>. Using this it is possible to trigger the form...
CVE-2021-32797
CVE-2021-32797 (JupyterLab) is a remote code execution vulnerability where untrusted notebooks can run code on load due to lack of sanitization of the HTML form action attribute. Exploitation requires the user to open a specially crafted notebook, i.e., user action is required. Public sources in ...