881 matches found

Cvelist
added 2022/10/06 5:13 p.m., 14 views

CVE-2022-32172 Zinc - Cross-Site Scripting

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user’...

5.3 AI score, 0.00442 EPSS
Exploits 0, References 2

NVD
added 2022/09/27 11:15 p.m., 8 views

CVE-2022-37028

ISAMS 22.2.3.2 is prone to a stored Cross-Site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

5.4 CVSS, 0.00282 EPSS
Exploits 0, References 3

Prion
added 2022/09/27 11:15 p.m., 17 views

Cross site scripting

ISAMS 22.2.3.2 is prone to a stored Cross-Site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

4.9 CVSS, 5.2 AI score, 0.00282 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2022/09/27 5:19 p.m., 5 views

CVE-2022-37028

ISAMS 22.2.3.2 is prone to a stored Cross-Site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

5.2 AI score, 0.00282 EPSS
Exploits 0, References 3

Cvelist
added 2022/09/27 5:19 p.m., 10 views

CVE-2022-37028

ISAMS 22.2.3.2 is prone to a stored Cross-Site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

5.4 AI score, 0.00282 EPSS
Exploits 0, References 3

HackerOne
added 2022/09/07 7:32 p.m., 84 views

TikTok: Stored XSS in the ticketing system

A Stored Cross-Site Scripting (XSS) vulnerability was found on a TikTok Seller endpoint, which could have resulted in a JavaScript payload injected into the endpoint causing it to be executed within the context of the victim's browser. We thank @codeslayer137 for reporting this to our team...

1.7 AI score
Exploits 0

HackerOne
added 2022/08/29 8:28 a.m., 34 views

TikTok: XSS at TikTok Ads Endpoint

Vulnerability description not provided...

7.1 AI score
Exploits 0

RedhatCVE
added 2022/08/01 5:39 a.m., 42 views

CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.1 CVSS, 1.5 AI score, 0.01146 EPSS
Exploits 0, References 3

WPVulnDB
added 2022/07/14 12:0 a.m., 24 views

Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title

The plugin does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged-in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is disabled. An incomplete fix was introduced ...

0.9 AI score, 0.00346 EPSS
Exploits 2, Affected Software 1

OSV
added 2022/07/06 11:15 a.m., 0 views

UBUNTU-CVE-2022-35230

An authenticated user can create a link with reflected JavaScript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

5.4 CVSS, 6.7 AI score, 0.00874 EPSS
Exploits 0, References 4

OpenVAS
added 2022/07/06 12:0 a.m., 22 views

MediaWiki < 1.35.7, 1.36.x < 1.37.3, 1.38.x < 1.38.1 XSS Vulnerability - Linux

MediaWiki is prone to a cross-site scripting (XSS) vulnerability...

6.1 CVSS, 6.2 AI score, 0.01146 EPSS
Exploits 0, References 1

NVD
added 2022/07/02 8:15 p.m., 17 views

CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.1 CVSS, 0.01146 EPSS
Exploits 0, References 6

Prion
added 2022/07/02 8:15 p.m., 19 views

Code injection

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

4.3 CVSS, 5.9 AI score, 0.01146 EPSS
Exploits 0, References 6, Affected Software 2

OSV
added 2022/07/02 8:15 p.m., 0 views

UBUNTU-CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.1 CVSS, 6.6 AI score, 0.01146 EPSS
Exploits 0, References 3

UbuntuCve
added 2022/07/02 8:15 p.m., 28 views

CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.1 CVSS, 6.5 AI score, 0.01146 EPSS
Exploits 0, References 2

CVE
added 2022/07/02 12:0 a.m., 85 views

CVE-2022-34911

CVE-2022-34911 affects MediaWiki versions before 1.35.7, 1.36.x before 1.37.3, and 1.38.x before 1.38.1. The issue allows XSS when a username containing JavaScript is not escaped after account creation, because SpecialCreateAccount::successfulAction() passes a message to showSuccessPage() a...

6.1 CVSS, 6 AI score, 0.01146 EPSS
Exploits 0, References 6, Affected Software 1

Debian CVE
added 2022/07/02 12:0 a.m., 44 views

CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.1 CVSS, 6 AI score, 0.01146 EPSS
Exploits 0

Cvelist
added 2022/07/02 12:0 a.m., 14 views

CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.3 AI score, 0.01146 EPSS
Exploits 0, References 6

CNVD
added 2022/06/28 12:0 a.m., 28 views

BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-62183)

BigBlueButton is an open source web conferencing system from the BigBlueButton community. A cross-site scripting vulnerability exists in BigBlueButton v2.4.7 and earlier versions, which stems from a lack of validation and filtering of user-supplied and output data in the chat feature. An attacker can...

5.4 CVSS, 5.1 AI score, 0.00206 EPSS
Exploits 0, References 1

NVD
added 2022/06/24 4:15 p.m., 11 views

CVE-2022-27238

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject a JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

5.4 CVSS, 0.00206 EPSS
Exploits 0, References 1