5800 matches found

Hacker One
added 2021/04/09 5:55 p.m., 7 views

MTN Group: Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module

The cross-site scripting (XSS) vulnerability was discovered on http://h1b4e.n2.ips.mtn.co.ug:8080 via the Nginx module. The vulnerability allowed the injection of arbitrary JavaScript code through the URL, which could be executed in the victim's browser...

AI score 6.5
Exploits 0

CNVD
added 2021/04/09 12:00 a.m., 9 views

Web-School ERP Cross-Site Scripting Vulnerability (CNVD-2021-28278)

Web-School ERP is a school management software for schools and educational organizations. A stored cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit the vulnerability to inject and execute JavaScript code...

CVSS 5.4, AI score 6, EPSS 0.0024
Exploits 1, References 1

CNNVD
added 2021/04/06 12:00 a.m., 2 views

Python Bleach Cross-Site Scripting Vulnerability

Python Bleach is a Python based HTML cleanup library. Python Bleach suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code in the context of a website...

CVSS 6.1, AI score 7.4, EPSS 0.00494
Exploits 1, References 8

NVD
added 2021/04/05 7:15 p.m., 11 views

CVE-2021-24206

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

CVSS 5.4, EPSS 0.0011
Exploits 2, References 2

NVD
added 2021/04/05 7:15 p.m., 10 views

CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

CVSS 5.4, EPSS 0.0011
Exploits 2, References 2

OSV
added 2021/04/05 7:15 p.m., 1 view

CVE-2021-24201

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element includes/elements/column.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified...

CVSS 5.4, AI score 6, EPSS 0.0012
Exploits 2, References 2

OSV
added 2021/04/05 7:15 p.m., 0 views

CVE-2021-24176

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...

CVSS 5.4, AI score 5.9, EPSS 0.36978
Exploits 2, References 2

Prion
added 2021/04/05 7:15 p.m., 10 views

Design/Logic Flaw

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

CVSS 3.5, AI score 5.5, EPSS 0.0011
Exploits 2, References 2, Affected Software 1

Prion
added 2021/04/05 7:15 p.m., 12 views

Design/Logic Flaw

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element includes/elements/column.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

CVSS 3.5, AI score 5.5, EPSS 0.0012
Exploits 2, References 2, Affected Software 1

CVE
added 2021/04/05 6:27 p.m., 47 views

CVE-2021-24206

CVE-2021-24206 affects the Elementor Website Builder WordPress plugin prior to 3.1.4. The image box widget (image-box.php) accepts a title_size parameter that is not properly sanitized. An authenticated user with Contributor+ can submit a modified save_builder request containing JavaScript in tit...

CVSS 5.4, AI score 5.4, EPSS 0.0011
Exploits 2, References 2, Affected Software 1

CVE
added 2021/04/05 6:27 p.m., 39 views

CVE-2021-24201

Vulnerability summary (CVE-2021-24201): In the Elementor Website Builder WordPress plugin prior to 3.1.4, the column element (includes/elements/column.php) accepts an html_tag parameter. A user with Contributor+ permissions can send a modified save_builder request containing JavaScript in html_ta...

CVSS 5.4, AI score 5.4, EPSS 0.0012
Exploits 2, References 2, Affected Software 1

NVD
added 2021/04/02 6:15 p.m., 15 views

CVE-2021-1748

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 8.8, EPSS 0.00454
Exploits 0, References 3

CNVD
added 2021/04/02 12:00 a.m., 6 views

Devolutions Server Cross-Site Scripting Vulnerability

Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. A cross-site scripting vulnerability exists in Devolutions Server versions prior to 2020.3 in entries of type "Document", which can be exploited by an...

CVSS 6.1, AI score 6.1, EPSS 0.00285
Exploits 0, References 1

CNVD
added 2021/04/02 12:00 a.m., 3 views

F5 BIG-IP cross-site scripting vulnerability (CNVD-2021-29555)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripti...

CVSS 6.1, AI score 6.1, EPSS 0.00316
Exploits 0, References 1

CNNVD
added 2021/04/01 12:00 a.m., 1 view

Devolutions Server Cross-Site Scripting Vulnerability

Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. A cross-site scripting vulnerability exists in Devolutions Server versions prior to 2020.3 in entries of type "Document", which can be exploited by an...

CVSS 6.1, AI score 5.3, EPSS 0.00285
Exploits 0, References 2

Huntr
added 2021/03/31 12:36 a.m., 7 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through adding new media. 🕵️‍♂️ Proof of Concept Payload: . 1. With an authenticated user, access: http://localhost/private/en/medialibrary/mediaitemindex. 2. Select the option Online movies Youtube, Vimeo, ... and click on Next. 3. Select any source...

AI score 0.4
Exploits 0

CNVD
added 2021/03/26 12:00 a.m., 7 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-23381)

Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the statsBreakdown parameter in stats.php ...

CVSS 6.1, AI score 6.1, EPSS 0.009
Exploits 1, References 1

Cvelist
added 2021/03/25 6:56 p.m., 14 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

AI score 5.7, EPSS 0.0034
Exploits 1, References 2

RedHat Linux
added 2021/03/23 2:41 p.m., 1 view

pki-core: unsanitized token parameters in TPS resulting in stored XSS

It was found that the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a stored cross-site scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user...

CVSS 4.8, AI score 5.8, EPSS 0.0067
Exploits 0, References 4

Exploit DB
added 2021/03/22 12:00 a.m., 415 views

MyBB 1.8.25 - Chained Remote Command Execution

Exploit Title: MyBB 1.8.25 - Chained Remote Command Execution Exploit Author: SivertPL [email protected] Date: 19.03.2021 Description: Nested autourl Stored XSS - templateset second order SQL Injection leading to RCE through improper string interpolation in eval. Software Link:...

CVSS 8.8, AI score 7.5, EPSS 0.02518
Exploits 10