
881 matches found

Snyk
added 2022/03/21 7:22 a.m. | 1 view

Cross-site Scripting (XSS)

Overview: x-data-spreadsheet is a JavaScript xpreadsheet. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. PoC: Insert payload into a cell. Example payload: html " Details: Cross-site scripting or XSS is a...

6.1 CVSS | 5.3 AI score | 0.00415 EPSS
Exploits: 1 | References: 2
Prion
added 2022/03/10 5:45 p.m. | 12 views

Cross site scripting

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history...

4.3 CVSS | 6.4 AI score | 0.00129 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2022/03/09 8:15 p.m. | 1 view

DEBIAN-CVE-2022-24918

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all th...

4.4 CVSS | 5.1 AI score | 0.0097 EPSS
Exploits: 0 | References: 1
Cvelist
added 2022/03/09 3:34 p.m. | 15 views

CVE-2022-24432 ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an...

5.5 CVSS | 5.3 AI score | 0.0009 EPSS
Exploits: 0 | References: 1
CNVD
added 2022/03/01 12:0 a.m. | 21 views

Hayageek Jquery Upload File Cross-Site Scripting Vulnerability

Hayageek Jquery Upload File is a jQuery-based file upload plugin by the individual developer Hayageek. Hayageek Jquery Upload File v4.0.11 contains a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML via a specially crafted file with a...

6.1 CVSS | 2.7 AI score | 0.00717 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2022/02/28 12:0 a.m. | 14 views

Horde Groupware Webmail <= 5.2.22 XSS Vulnerability - Linux

Horde Groupware Webmail is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4 CVSS | 5.2 AI score | 0.00309 EPSS
Exploits: 1 | References: 2
OSV
added 2022/02/26 12:0 a.m. | 1 view

GHSA-43X9-7HFV-MXRF jQuery-Upload-File XSS in fileNameStr

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...

6.1 CVSS | 6.5 AI score | 0.00717 EPSS
Exploits: 0 | References: 3
Prion
added 2022/02/25 7:15 p.m. | 14 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...

4.3 CVSS | 5.9 AI score | 0.00717 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
CNNVD
added 2022/02/25 12:0 a.m. | 3 views

Hayageek Jquery Upload File Cross-Site Scripting Vulnerability

Hayageek Jquery Upload File is a jQuery-based file upload plugin by the individual developer Hayageek. Hayageek Jquery Upload File v4.0.11 contains a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML via a specially crafted file with a...

6.1 CVSS | 5.5 AI score | 0.00717 EPSS
Exploits: 0 | References: 9
0day.today
added 2022/01/25 12:0 a.m. | 235 views

Xerox Versalink Denial Of Service Vulnerability

Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload. + Credits: Mahmoud Al-Qudsi + Website: https://neosmart.net/ + Source: https://neosmart.net/blog/?p=4865 + Media: https://twitter.com/mqudsi and https://twitter.com/neosmart Vendo...

7.4 AI score
Exploits: 0
Cvelist
added 2022/01/24 8:0 a.m. | 13 views

CVE-2021-24423 UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...

5 AI score | 0.00206 EPSS
Exploits: 1 | References: 2
OSV
added 2022/01/19 9:15 p.m. | 4 views

CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1 CVSS | 7 AI score
Exploits: 0 | References: 1
OSV
added 2022/01/19 9:15 p.m. | 0 views

UBUNTU-CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1 CVSS | 6.4 AI score | 0.21043 EPSS
Exploits: 0 | References: 3
UbuntuCve
added 2022/01/19 9:15 p.m. | 26 views

CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1 CVSS | 6.5 AI score | 0.21043 EPSS
Exploits: 0 | References: 2
Cvelist
added 2022/01/19 8:38 p.m. | 19 views

CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.6 AI score | 0.21043 EPSS
Exploits: 0 | References: 1
CVE
added 2022/01/19 8:38 p.m. | 66 views

CVE-2021-26247

CVE-2021-26247 affects Cacti. The vulnerability is a stored/reflected cross-site scripting in the auth_changepassword.php endpoint, where an unauthenticated remote user can supply a ref parameter containing a script tag to execute JavaScript in a victim’s browser. Impact described includes arbitr...

6.1 CVSS | 6.4 AI score | 0.21043 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2022/01/13 6:39 a.m. | 8 views

Cross-site Scripting (XSS)

oro/platform is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the translations management function, which allows an attacker to inject a JavaScript payload via the Upload translation file...

2.9 AI score
Exploits: 0
0day.today
added 2021/12/14 12:0 a.m. | 264 views

WordPress Typebot 1.4.3 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated). Exploit Author: Mansi Singh. Vendor Homepage: https://wordpress.org/plugins/typebot/ Software Link: https://wordpress.org/plugins/typebot/ Tested on Windows. Reference:...

7.4 AI score
Exploits: 0
Github Security Blog
added 2021/12/02 5:49 p.m. | 19 views

Cross-site Scripting in django-wiki

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4 CVSS | 2.7 AI score | 0.00195 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2021/12/02 5:49 p.m. | 19 views

GHSA-3M3H-V9HV-9J4H Cross-site Scripting in django-wiki

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4 CVSS | 5.1 AI score | 0.00195 EPSS
Exploits: 0 | References: 7