Lucene search
+L

128 matches found

CVE
CVE
added 2024/07/02 12:0 a.m.55 views

CVE-2024-39143

CVE-2024-39143 describes a stored cross-site scripting (XSS) vulnerability in ResidenceCMS 2.10.1. A low-privilege user can save malicious HTML in a property content field, which is then stored and rendered on secondary views, potentially triggering payloads (including when visited by an administ...

5.4CVSS4.9AI score0.00928EPSS
Exploits3References1Affected Software1
NVD
NVD
added 2024/05/15 5:15 p.m.17 views

CVE-2024-27593

A stored cross-site scripting XSS vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0...

5.4CVSS5.3AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.3 views

BoidCMS 安全漏洞

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...

6.1CVSS5.8AI score0.00435EPSS
Exploits1References2
0day.today
0day.today
added 2024/04/12 12:0 a.m.237 views

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...

6.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2024/03/07 2:15 a.m.7 views

CVE-2022-46089

Cross Site Scripting XSS vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter...

6.1CVSS6.1AI score0.00386EPSS
Exploits0References2
Prion
Prion
added 2024/02/08 8:15 p.m.11 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.7AI score0.00397EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/12/29 12:15 p.m.16 views

CVE-2023-41814

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...

6.1CVSS0.0026EPSS
Exploits0References1
Prion
Prion
added 2023/12/29 12:15 p.m.18 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...

5.8CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/29 11:45 a.m.25 views

CVE-2023-41814 XSS Vulnerability Messages

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...

3.7CVSS6AI score0.0026EPSS
Exploits0References1
Huntr
Huntr
added 2023/08/05 10:21 p.m.12 views

HTML Injection - real Aptabase emails

Description Due to lack of validation Name field during registration, bad actor can send emails with HTML injected code to the victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for field 'Name' use payload with HTML. Open email from...

7AI score
Exploits0References2
GithubExploit
GithubExploit
added 2023/08/01 11:40 a.m.389 views

Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms

CVE-2023-37979 Exploit !Python Versionhttps://img.shields...

7.1CVSS6.4AI score0.0601EPSS
Exploits6
Prion
Prion
added 2023/07/06 3:15 p.m.17 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.2AI score0.00384EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/07/06 3:15 p.m.19 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.2AI score0.00343EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/10 6:30 a.m.40 views

XXL-JOB vulnerable to Cross-site Scripting

XXL-JOB com.xuxueli:xxl-job versions 2.4.0 and earlier are vulnerable to cross-site scripting XSS. An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

6.1CVSS5.8AI score0.00463EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/04/10 6:30 a.m.57 views

GHSA-4J2P-X79M-JCJ8 XXL-JOB vulnerable to Cross-site Scripting

XXL-JOB com.xuxueli:xxl-job versions 2.4.0 and earlier are vulnerable to cross-site scripting XSS. An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

6.1CVSS5.5AI score0.00463EPSS
Exploits1References3
OSV
OSV
added 2023/04/10 5:15 a.m.7 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

6.1CVSS6.3AI score0.00463EPSS
Exploits1References1
Prion
Prion
added 2023/04/10 5:15 a.m.17 views

Hardcoded credentials

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

5.8CVSS6.2AI score0.00463EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/10 5:0 a.m.8 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

5.4CVSS6.7AI score0.00463EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/10 5:0 a.m.43 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

5.4CVSS6.5AI score0.00463EPSS
Exploits1References1
CVE
CVE
added 2023/04/10 5:0 a.m.55 views

CVE-2023-26120

CVE-2023-26120 affects com.xuxueli:xxl-job; multiple sources confirm an HTML payload can be executed via /xxl-job-admin/user/add and /xxl-job-admin/user/update, enabling cross-site scripting (XSS). Affected versions include 2.4.0 and earlier, with the issue originating from unsafe handling of HTM...

6.1CVSS6.2AI score0.00463EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder