881 matches found
CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting XSS vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...
CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...
CVE-2022-2413
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is...
CVE-2022-2413
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is...
Design/Logic Flaw
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is...
CVE-2024-0554
A Cross-site scripting XSS vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...
Cross site scripting
A Cross-site scripting XSS vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...
CVE-2024-0554 Cross-site scripting (XSS) vulnerability on WIC1200
A Cross-site scripting XSS vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diagsirlearn.asp', allowing the attacker to retrieve the session details of another user...
CVE-2024-0318
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...
CVE-2024-0318
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...
Cross site scripting
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...
Cross site scripting
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 'sfname' parameters to an authenticated user to retrieve their session details...
Cross site scripting
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
CVE-2024-0320 Cross-Site Scripting in FireEye Malware Analysis (AX)
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
CVE-2024-0318 Cross-Site Scripting in FireEye HXTool
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...
CVE-2024-0317 Cross-Site Scripting in FireEye EX
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 'sfname' parameters to an authenticated user to retrieve their session details...
CVE-2024-0317 Cross-Site Scripting in FireEye EX
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 'sfname' parameters to an authenticated user to retrieve their session details...
WP SEO Press < 7.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=seopress-titles. 2...
CVE-2023-6769
Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lpadmin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution...
Cross site scripting
Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lpadmin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution...