881 matches found

NVD
added 2021/05/05 3:15 a.m. · 11 views

CVE-2020-22428

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

CVSS 4.8 · EPSS 0.02923
Exploits 0 · References 4
Prion
added 2021/05/05 3:15 a.m. · 18 views

Cross site scripting

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

CVSS 3.5 · AI score 4.9 · EPSS 0.02923
Exploits 0 · References 4 · Affected Software 2
Cvelist
added 2021/05/05 2:42 a.m. · 22 views

CVE-2020-22428

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

AI score 5 · EPSS 0.02923
Exploits 0 · References 4
CNNVD
added 2021/05/04 12:0 a.m. · 4 views

SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. A cross-site scripting vulnerability exists in SolarWinds Serv-U versions prior to 15.1.6, which originates from being subject to cross-site scripting (XSS) via a directory name containin...

CVSS 4.8 · AI score 4.8 · EPSS 0.02923
Exploits 0 · References 5
The Hacker News
added 2021/04/20 10:41 a.m. · 36 views

120 Compromised Ad Servers Target Millions of Internet Users

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike...

AI score 7.4
Exploits 0
OSV
added 2021/04/08 12:15 p.m. · 1 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

CVSS 5.4 · AI score 5.8 · EPSS 0.0024
Exploits 1 · References 3
NVD
added 2021/04/02 7:15 p.m. · 10 views

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...

CVSS 5.4 · EPSS 0.0042
Exploits 1 · References 1
Cvelist
added 2021/04/02 6:43 p.m. · 14 views

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...

AI score 5.5 · EPSS 0.0042
Exploits 1 · References 1
CVE
added 2021/04/02 6:43 p.m. · 55 views

CVE-2021-29661

CVE-2021-29661 affects Softing AG OPC Toolbox prior to or including 4.10.1.13035. The issue is a Stored XSS vulnerability in the page /en/diag_values.html, exploitable via the ITEMLISTVALUES##ITEMID parameter which injects JavaScript into the trace file. The payload is triggered whenever an authe...

CVSS 5.4 · AI score 5.2 · EPSS 0.0042
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/03/25 8:7 a.m. · 11 views

CVE-2021-26715

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

AI score 9.5 · EPSS 0.00552
Exploits 1 · References 2
NVD
added 2021/03/03 8:15 p.m. · 12 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

CVSS 5.4 · EPSS 0.00235
Exploits 0 · References 2
UbuntuCve
added 2021/03/03 8:15 p.m. · 38 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

CVSS 5.4 · AI score 6.7 · EPSS 0.00235
Exploits 0 · References 3
Prion
added 2021/03/03 8:15 p.m. · 15 views

Design/Logic Flaw

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

CVSS 3.5 · AI score 5 · EPSS 0.00235
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/03/03 8:15 p.m. · 0 views

UBUNTU-CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

CVSS 5.4 · AI score 7.1 · EPSS 0.00235
Exploits 0 · References 4
Cvelist
added 2021/03/03 7:25 p.m. · 15 views

CVE-2021-21312 Stored XSS on documents

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

CVSS 5.4 · AI score 5.7 · EPSS 0.00235
Exploits 0 · References 2
CVE
added 2021/03/03 7:25 p.m. · 50 views

CVE-2021-21312

GLPI prior to 9.5.4 is affected by an XSS via the document upload Web Link field; unsanitized input can store JavaScript in the DB and execute when the link is opened. The vulnerability requires document-upload rights and results in popup execution or similar impact. Remediation: upgrade to GLPI ...

CVSS 5.4 · AI score 5.4 · EPSS 0.00235
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2021/03/03 12:0 a.m. · 4 views

PT-2021-14410 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns a vulnerability within the document upload function, specifically the "Web Link" form field, which is not properly sanitized. This allows a malicious user with document upload right...

CVSS 10 · AI score 6.2 · EPSS 0.94395
Exploits 32 · References 129
Exploit DB
added 2021/02/11 12:0 a.m. · 357 views

b2evolution 6.11.6 - 'tab3' Reflected XSS

Exploit Title: b2evolution 6.11.6 - 'tab3' Reflected XSS CVE: CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version...

CVSS 6.1 · AI score 6.3 · EPSS 0.01038
Exploits 3
Packet Storm
added 2021/01/15 12:0 a.m. · 244 views

WordPress Easy Contact Form 1.1.7 Cross Site Scripting

Exploit Title: WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting XSS Date: 14/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://ghozylab.com/plugins/ Software Link: https://demo.ghozylab.com/plugins/easy-contact-form-plugin/ Version: 1.1.7 Tested on...

AI score 7.4
Exploits 0
Prion
added 2021/01/12 3:15 p.m. · 25 views

Cross site scripting

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

CVSS 3.5 · AI score 5.3 · EPSS 0.00262
Exploits 0 · References 2 · Affected Software 1