5912 matches found

OSV
added 2023/03/29 6:30 p.m. · 12 views

CVE-2023-27489 Stored cross site scripting via SVG file upload in Kiwi TCMS

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This...

CVSS 7.6 · AI score 6.1 · EPSS 0.0071
Exploits 0 · References 4
UbuntuCve
added 2023/03/28 9:15 p.m. · 28 views

CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

CVSS 7.1 · AI score 7.1 · EPSS 0.01189
Exploits 0 · References 8
OSV
added 2023/03/28 9:15 p.m. · 1 view

UBUNTU-CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

CVSS 7.1 · AI score 7.4 · EPSS 0.01189
Exploits 0 · References 9
Prion
added 2023/03/22 9:15 p.m. · 64 views

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 5.8 · AI score 6.3 · EPSS 0.0054
Exploits 0 · References 6 · Affected software 2
BDU FSTEC
added 2023/03/22 12:00 a.m. · 2 views

The vulnerability in the web interface of the IBM InfoSphere Information Server’s data integration software allows a perpetrator to execute arbitrary JavaScript code and gain unauthorized access to the protected resources.

The vulnerability of the web interface of the IBM InfoSphere Information Server software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and gain...

CVSS 5.5 · EPSS 0.00377
Exploits 0 · References 3 · Affected software 1
Veracode
added 2023/03/20 4:53 p.m. · 9 views

Stored Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of HTML sanitization in the user ID when exporting to data formats supporting HTML, which allows an attacker to inject and execute arbitrary JavaScript when a user clicks on the downloaded file. Not...

CVSS 4.8 · AI score 5.5 · EPSS 0.00265
Exploits 0 · References 8 · Affected software 1
0day.today
added 2023/03/20 12:00 a.m. · 254 views

Music Gallery Site 1.0 Cross Site Scripting Vulnerability

Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability Authenticated Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html Softwa...

AI score 6.8
Exploits 0
NVD
added 2023/03/17 8:15 p.m. · 10 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 5.4 · AI score 5.6 · EPSS 0.00569
Exploits 0 · References 7
Prion
added 2023/03/17 8:15 p.m. · 12 views

Design/Logic Flaw

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.9 · AI score 5.8 · EPSS 0.00569
Exploits 0 · References 7 · Affected software 1
Vulnrichment
added 2023/03/17 7:04 p.m. · 7 views

CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.8 · AI score 5.9 · EPSS 0.00569
Exploits 0 · References 7
AlpineLinux
added 2023/03/17 7:04 p.m. · 87 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 5.4 · AI score 5.7 · EPSS 0.00569
Exploits 0
Positive Technologies
added 2023/03/17 12:00 a.m. · 4 views

PT-2023-21232 · Miniflux · Miniflux

Name of the Vulnerable Software and Affected Versions: Miniflux versions 2.0.25 through 2.0.42 Description: The issue arises when Miniflux automatically proxies images served over HTTP to prevent mixed content errors. If an outbound request made by the Go HTTP client fails, the html.ServerError i...

CVSS 5.4 · AI score 7.6 · EPSS 0.00569
Exploits 0 · References 12
CNNVD
added 2023/03/15 12:00 a.m. · 4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.01287
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.00822
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.00822
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.00822
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.00822
Exploits 0 · References 3
CNNVD
added 2023/03/08 12:00 a.m. · 3 views

ARRIS DG3450 Cross-Site Scripting Vulnerability

The ARRIS DG3450 is a cable gateway from ARRIS (USA). The ARRIS DG3450 Cable Gateway suffers from a reflected cross-site scripting vulnerability, which can be exploited by an attacker to execute arbitrary JavaScript code in t...

CVSS 6.1 · AI score 6.4 · EPSS 0.00366
Exploits 3 · References 5
Tenable Nessus
added 2023/03/03 12:00 a.m. · 28 views

FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the e2a8e2bd-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch,...

CVSS 7.3 · AI score 7.4 · EPSS 0.60579
Exploits 0 · References 3
CNNVD
added 2023/03/03 12:00 a.m. · 5 views

teler-waf Security Vulnerability

teler-waf is a Go HTTP middleware that provides teler IDS functionality to prevent Web-based attacks and improve the security of Go-based Web applications. It is highly configurable and easy to integrate into existing Go applications. A security vulnerability exists in teler-waf versions prior to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00279
Exploits 0 · References 4