413 matches found

CVE
added 2023/03/06 10:46 a.m. · 65 views

CVE-2022-4862

CVE-2022-4862 affects M-Files Web and M-Files New Web versions before 22.12.12140.3. The vulnerability arises from rendering HTML provided by another authenticated user in the browser, which can lead to the disclosure of user-sensitive information. Public documents consistently describe this as a...

CVSS 7.6 · AI score 5.7 · EPSS 0.0055
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/03/06 10:46 a.m. · 21 views

CVE-2022-4862 XSS vulnerability in M-Files Web

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3...

CVSS 5 · AI score 7.5 · EPSS 0.0055
Exploits: 0 · References: 3

CNNVD
added 2023/03/06 12:0 a.m. · 2 views

M-Files Web Cross-Site Scripting Vulnerability

M-Files Web is an intelligent information management platform from M-Files USA, Inc. It is used to optimally support users in their daily work. A security vulnerability exists in M-Files New Web versions prior to 22.12.12140.3, which stems from the ability to render HTML provided by another...

CVSS 7.6 · AI score 7.3 · EPSS 0.0055
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:29 a.m. · 1 views

SUSE CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

CVSS 5.4 · AI score 6.5 · EPSS 0.00334
Exploits: 1 · References: 3

Vulnrichment
added 2022/10/21 12:0 a.m. · 5 views

CVE-2022-39259 Jadx-gui subject to Denial of Service via Swing HTML rendering

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. Versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...

CVSS 3.3 · AI score 5.9 · EPSS 0.00055
Exploits: 1 · References: 1

OSV
added 2022/08/30 8:53 p.m. · 16 views

GHSA-RV3R-VQJJ-8C76 Cross-site scripting from content entered in the tags and multiselect fields

Introduction: Cross-site scripting (XSS) is a type of vulnerability that allows executing any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...

CVSS 7.1 · AI score 5.9
Exploits: 0 · References: 2

Github Security Blog
added 2022/08/30 8:53 p.m. · 23 views

Cross-site scripting from content entered in the tags and multiselect fields

Introduction: Cross-site scripting (XSS) is a type of vulnerability that allows executing any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...

AI score 1.2
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/08/30 12:0 a.m. · 2 views

PT-2022-28279 · Kirby · Kirby

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.1; Kirby versions prior to 3.6.6.1; Kirby versions prior to 3.7.4. Description: Cross-site scripting (XSS) allows the execution of JavaScript code inside the Panel session of the same or other users. This vulnerabilit...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 3

NVD
added 2022/08/29 6:15 p.m. · 10 views

CVE-2022-36037

Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.9 · EPSS 0.00598
Exploits: 0 · References: 3

Prion
added 2022/08/29 6:15 p.m. · 14 views

Cross site scripting

Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.5 · AI score 5.5 · EPSS 0.00598
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/08/29 5:35 p.m. · 31 views

CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby

Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.9 · AI score 5.6 · EPSS 0.00598
Exploits: 0 · References: 5

Cvelist
added 2022/08/29 5:35 p.m. · 15 views

CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby

Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.9 · AI score 5.9 · EPSS 0.00598
Exploits: 0 · References: 3

Vulnrichment
added 2022/08/29 5:35 p.m. · 4 views

CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby

Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.9 · AI score 5.7 · EPSS 0.00598
Exploits: 0 · References: 3

Huntr
added 2022/07/22 3:11 a.m. · 20 views

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description: We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting (XSS) vulnerability in the...

CVSS 4.9 · AI score 5.5 · EPSS 0.03478
Exploits: 1 · References: 3

Github Security Blog
added 2022/07/06 7:27 p.m. · 71 views

Improper handling of email input

Impact An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: [email protected], Before signing in, claim your money!. This was previously sent to...

CVSS 7.1 · AI score 6.1 · EPSS 0.00591
Exploits: 1 · References: 7 · Affected Software: 1

Vulnrichment
added 2022/07/06 6:0 p.m. · 3 views

CVE-2022-31127 Improper handling of email input in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...

CVSS 7.1 · AI score 7.2 · EPSS 0.00591
Exploits: 1 · References: 5

Huntr
added 2022/06/11 9:14 a.m. · 29 views

Unrestricted File Upload in Part Attachment

Description The application inventree allows users to upload any file in part attachment allowing attacker to render files such as HTML in the browser. Proof of Concept Video PoC Link: https://drive.google.com/file/d/1vurBkHegeYCwbXopE5Yhyb702rYgG9FM/view?usp=sharing...

CVSS 6.5 · AI score 1.9 · EPSS 0.00449
Exploits: 2 · References: 1

OSV
added 2022/05/24 7:5 p.m. · 27 views

GHSA-QF2G-MRRX-RR5P Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6...

CVSS 6.1 · AI score 6 · EPSS 0.0034
Exploits: 0 · References: 3

OSV
added 2022/05/17 5:19 a.m. · 4 views

GHSA-4Q58-5X28-53WV phpMyAdmin Vulnerable to Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbllinks.inc.php and...

CVSS 5.3 · AI score 6.1 · EPSS 0.00285
Exploits: 0 · References: 8

Github Security Blog
added 2022/05/17 5:19 a.m. · 9 views

phpMyAdmin Vulnerable to Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbllinks.inc.php and...

CVSS 4.3 · AI score 5.7 · EPSS 0.00285
Exploits: 0 · References: 8 · Affected Software: 1