5805 matches found
UBUNTU-CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
UBUNTU-CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...
CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...
Zoo Management System Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Zoo Management System version 1.0, a zoo management system. The vulnerability stems from a lack of data validation filtering of user-supplied data and output by adminname. An attacker could exploit this vulnerability to execute JavaScript code on the...
CVE-2020-4049
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...
WordPress Plugin WP Slider Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Slider plugin 1.4.5 and previous versions have a cross-site scripting vulnerability that...
Pix-Link MiNi Router 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability
Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China. Pix-Link MiNi Router 28K.MiniRouter.20190211 is vulnerable to a cross-site scripting vulnerability that originates from an unprocessed SSID parameter. An attacker could exploit the vulnerability to execute JavaScript cod...
Cross-Site Scripting (XSS)
octoprint is vulnerable to cross-site scripting. The vulnerability exists in webcam stream test due to lack of sanitization which allows a malicious attacker to inject and execute arbitrary javascript...
Online Sports Complex Booking System SQL Injection Vulnerability
Online Sports Complex Booking System is an online stadium booking system by individual developer Carlo Montero. Online Sports Complex Booking System is vulnerable to a cross-site scripting vulnerability that originates in /scbs/classes/Users.php?f=saveclient, which lacks a validation filter for...
Cross-Site Scripting (XSS)
total.js is vulnerable to stored cross-site scripting. The vulnerability exists in upload function due to lack of sanitization which allows an attacker to execute arbitrary javascript via a javascript embedded PDF file...
Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...
Terminalfour Cross-Site Scripting Vulnerability
Terminalfour is a digital marketing and web content management platform for higher education from Terminalfour, Inc. A cross-site scripting vulnerability exists in versions prior to Terminalfour 8.3.8, which could be exploited by attackers to execute JavaScript code...
Stored XSS on drawio
Summary: Draw io has a feature to put links on a text; due to a bad sanitization it allows to put javascript:// scheme on an anchor tag, which allows to execute javascript code. Steps to reproduce: 1. Create a text box and set word size to 50 2. Click with the right button and "Edit link" 3. Put...
GHSA-QQR6-VM23-M488 Galaxy cross-site scripting (XSS)
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...
Galaxy cross-site scripting (XSS)
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...
OctoberCMS Cross-Site Scripting
Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...
CVE-2022-28818
ColdFusion versions CF2021U3 and earlier and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
CVE-2022-21238
A cross-site scripting (XSS) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability...