CVE-2021-3529

CVE-2021-3529 affects noobaa-core prior to 5.7.0. The vulnerability stems from unmodified echoing of an arbitrarily named URL into HTML, allowing inline arbitrary JavaScript to be injected via the application response (cross‑site scripting risk). Affected component: noobaa-core; description consi...

Seo Panel 4.8.0 - 'category' Reflected XSS

Exploit Title: Seo Panel 4.8.0 - 'category' Reflected XSS Date: 22-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28418...

Hundred Plus 101EIP system cross-site scripting vulnerability

Hundred Plus 101EIP system is a cloud-based office platform of Taiwan Hundred Plus Corporation Hundred Plus, which is the result of the experience of many enterprises. A cross-site scripting vulnerability exists in the Hundred Plus 101EIP system, which originates from the system adding a bulletin...

Seo Panel 4.8.0 - (category) Reflected XSS Vulnerability

Exploit Title: Seo Panel 4.8.0 - 'category' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28418 -Description: A...

Seo Panel 4.8.0 - (from_time) Reflected XSS Vulnerability

Exploit Title: Seo Panel 4.8.0 - 'fromtime' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28420 -Description: A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers ...

Seo Panel 4.8.0 Cross Site Scripting

Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Date: 21-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417...

Seo Panel 4.8.0 - (search_name) Reflected XSS Vulnerability

Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417 -Description: A...

CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506...

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

IBM WebSphere Exteme Scale Cross-Site Scripting Vulnerability

IBM WebSphere Exteme Scale is a resilient, highly scalable in-memory data grid from IBM USA. It can provide predictable responsiveness to meet exponential demands on data. A cross-site scripting vulnerability exists in IBM WebSphere Exteme Scale Liberty, which stems from a lack of proper validati...

Cross site scripting

Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack...

Hundred Plus 101EIP 跨站脚本漏洞

The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan-based Hundred Plus Corporation Hundred Plus that has been optimized by gathering the experience of many enterprises. 101EIP suffers from a cross-site scripting vulnerability that stems from the calendar add event feature...

Postbird 0.8.4 - Javascript Injection Exploit

Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...

Gris CMS Cross-Site Scripting Vulnerability

Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...

OpenWrt LuCI Web接口跨站脚本漏洞

OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability in the web interface of OpenWRT LuCI version 19.07 allows attackers to inject arbitrary Javascript into OpenWRT hostnames via a hostname change operation...

Mediat Cross-Site Scripting Vulnerability

Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...

Mediat 跨站脚本漏洞

Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...

Cross-site Scripting (XSS)

vrana/adminer is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser via a link argument in the function doclink...

WordPress plugin cross-site scripting vulnerability (CNVD-2021-37282)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in the Store...