5059 matches found
Cross site scripting
A stored cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" parameter...
CVE-2022-35587
Summary: ForkCMS 5.9.3 is affected by a cross-site scripting (XSS) flaw that allows remote injection of JavaScript via the publish_on_date parameter. The issue is described across multiple sources and is attributed to the handling of the spoon library charset in Kernel.php (defineForkConstants). ...
CVE-2022-35589
Summary: CVE-2022-35589 is a cross-site scripting (XSS) vulnerability in ForkCMS v5.9.3 that allows remote attackers to inject JavaScript via the publish_on_time parameter. The issue has several public entries (NVD, Red Hat, Veracode, GHSA) describing the same vector and confirm the vulnerable co...
CVE-2022-35589
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" parameter...
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software. Researcher Felix Krause, who outlined how Meta tracks users in a blog posted...
PT-2022-22911 · Fork CMS · Fork CMS
Name of the Vulnerable Software and Affected Versions: ForkCMS versions prior to 5.11.0. Description: A stored cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the start date parameter. This issue was patched in version 5.11.0. Recommendations: For ForkCMS versions...
PT-2022-22913 · Fork · Fork
Name of the Vulnerable Software and Affected Versions: Fork version 5.9.3. Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the publish on time parameter. This issue was patched in version 5.11.0, which means all versions prior to 5.11.0 are affected...
PT-2022-22914 · Fork CMS · Fork CMS
Name of the Vulnerable Software and Affected Versions: ForkCMS version 5.9.3. Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the end date parameter. This issue was patched in version 5.11.0, which implies that versions prior to 5.11.0 are affected...
ForkCMS cross-site scripting vulnerability
ForkCMS is an easy-to-use open source CMS using Symfony components. A security vulnerability exists in ForkCMS version 5.9.3. A remote attacker can exploit this vulnerability to inject JavaScript via the "publishontime" parameter...
PT-2022-22912 · Fork · Fork
Name of the Vulnerable Software and Affected Versions: Fork version 5.9.3. Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript via the publish on date parameter. This issue was patched in version 5.11.0, which means all versions prior to 5.11.0 are affected...
CVE-2022-2391
The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...
CVE-2022-2391
CVE-2022-2391 affects the Inspiro PRO WordPress plugin. The issue stems from inadequate sanitization of the portfolio slider description, enabling stored cross-site scripting where users with privileges as low as Contributor can inject JavaScript. Affected: Inspiro PRO WordPress plugin versions e...
WordPress plugin Inspiro PRO cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. The WordPress plugin Inspiro PRO suffe...
PT-2022-22318 · Synel +1 · Eharmony +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to inject HTML or JavaScript code into a vulnerable input field. To reach the vulnerable input, an attacker would navigate to Workers worker nickname, and...
CVE-2022-34768
Insert HTML/JS code inside input. How to get to the vulnerable input: Workers worker nickname inject in this input the code...
CVE-2022-36967
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to...
Progress WS_FTP Server cross-site scripting vulnerability
Progress WS_FTP Server is an effective and highly manageable FTP server from Progress. A security vulnerability exists in Progress WS_FTP Server versions prior to 8.7.3: a remote attacker can use its web management interface to inject arbitrary JavaScript into a WS_FTP...
Cross-site Scripting (XSS)
github.com/velocidex/velociraptor is vulnerable to cross-site scripting. The vulnerability exists in multiple functions in artifacts/syntax.js because variables are not properly escaped in the artifact collection report, which allows an attacker to inject and execute malicious JavaScript...
PT-2022-20920 · IBM · IBM DataPower Gateway
Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 10.0.1.0 through 10.0.1.8; IBM DataPower Gateway versions 10.0.2.0 through 10.0.4.0; IBM DataPower Gateway version 10.5.0.0; IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.21. Description: This issue...