Stored Cross-site Scripting (XSS)

pyrocms/pyrocms is vulnerable to stored cross-site scriptingXSS. The library allows a low privileged user to inject a malicious Javascript payload in a blog post, which then get executed when the affected blog post is loaded on the victim’s browser...

PT-2022-24049 · Pyrocms · Pyrocms

Name of the Vulnerable Software and Affected Versions: PyroCMS version 3.9 Description: The issue allows a low-privileged user, such as an author, to inject crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. This is a stored Cross...

CVE-2022-37720

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting XSS. When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is load...

Optica 代码问题漏洞

Optica is an Airbnb open source service for registering and locating nodes. A code issue vulnerability exists in Optica versions prior to 0.10.2. An attacker exploited the vulnerability to execute arbitrary code via a specially crafted JSON payload...

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...

CVE-2022-38145

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...

GHSA-66JF-XM2M-7M8R Stored XSS in Compare Mode

A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view. This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that...

PT-2022-24237 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows remote attackers to execute a Javascript payload in the versioned history compare view by adding it to a page's meta description. This can be done by a...

GHSA-QW4W-VQ8V-2WCV Stored XSS using uppercase characters in HTMLEditor

A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...

Stored XSS using uppercase characters in HTMLEditor

A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...

Silverstipe CMS Stored XSS in custom meta tags

A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut. This requires CMS access to exploit...

GHSA-PP74-G2Q5-J4JF Silverstipe CMS Stored XSS in custom meta tags

A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut. This requires CMS access to exploit...

XSS via uploaded gpx file

A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer all...

GHSA-VV3R-FXQP-VR3F XSS via uploaded gpx file

A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer all...

PT-2022-23986 · Silverstripe · Silverstripe Cms

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/cms versions 4.11.0 and earlier Description: The issue allows for XSS Cross-Site Scripting attacks. A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would...

Easy Form Builder < 3.4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to New Form » go to the Settings...

Cross-site Scripting (XSS)

spark-core2.12 is vulnerable to cross-site scripting. The vulnerability exists because the loadMore function of log-view.js does not properly escape the log content rendered in UI, allowing an attacker to inject and execute a malicious JavaScript payload into the logs...

Cross-site Scripting (XSS)

Zinc is vulnerable to cross-site scripting. The vulnerability exists due to the delete template functionality in User.vue incorrectly escaping the id attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload...

Cross-site Scripting (XSS)

Zinc is vulnerable to cross-site scripting. The vulnerability exists because the delete template functionality in Template.vue incorrectly escapes the name attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload...

Cross site scripting

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s...