128 matches found
CVE-2024-39143
CVE-2024-39143 describes a stored cross-site scripting (XSS) vulnerability in ResidenceCMS 2.10.1. A low-privilege user can save malicious HTML in a property content field, which is then stored and rendered on secondary views, potentially triggering payloads (including when visited by an administ...
CVE-2024-27593
A stored cross-site scripting XSS vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0...
BoidCMS 安全漏洞
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...
CVE-2022-46089
Cross Site Scripting XSS vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-41814
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...
CVE-2023-41814 XSS Vulnerability Messages
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...
HTML Injection - real Aptabase emails
Description Due to lack of validation Name field during registration, bad actor can send emails with HTML injected code to the victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for field 'Name' use payload with HTML. Open email from...
Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms
CVE-2023-37979 Exploit !Python Versionhttps://img.shields...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
XXL-JOB vulnerable to Cross-site Scripting
XXL-JOB com.xuxueli:xxl-job versions 2.4.0 and earlier are vulnerable to cross-site scripting XSS. An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
GHSA-4J2P-X79M-JCJ8 XXL-JOB vulnerable to Cross-site Scripting
XXL-JOB com.xuxueli:xxl-job versions 2.4.0 and earlier are vulnerable to cross-site scripting XSS. An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
CVE-2023-26120
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
Hardcoded credentials
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
CVE-2023-26120
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
CVE-2023-26120
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...
CVE-2023-26120
CVE-2023-26120 affects com.xuxueli:xxl-job; multiple sources confirm an HTML payload can be executed via /xxl-job-admin/user/add and /xxl-job-admin/user/update, enabling cross-site scripting (XSS). Affected versions include 2.4.0 and earlier, with the issue originating from unsafe handling of HTM...