Design/Logic Flaw

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered...

CVE-2021-25964 Stored Cross-Site Scripting (XSS) in Calibre-web via Description Field in Metadata

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered...

CVE-2021-40966

A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user...

CVE-2021-33483

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...

WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting XSS Date: 02/09/2021 Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/duplicate-page/ Version: 4.4.1 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1...

CVE-2021-24445

The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when he unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...

WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting XSS Date: 2021-08-06 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/picture-gallery/ Version: 1.4.2 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

SMS Alert Order Notifications – WooCommerce < 3.4.7 Authenticated Cross Site Scripting

The plugin is affected by a cross site scripting XSS vulnerability in the plugin's setting page. PoC Enter the payload below for the "SMS Alert Username" in the plugin's settings. "+onfocus="alert1"+autofocus=" You will observe that the JavaScript payload successfully got reflected is and we are...

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious javascript payload which would b...

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious javascript payload which would b...

Cross site scripting

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beggining with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious javascript payload which would be...

NCH IVM Attendant Cross-Site Scripting Vulnerability (CNVD-2021-55903)

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. a security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

NCH IVM Attendant Cross-Site Scripting Vulnerability (CNVD-2021-55901)

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. a security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

NCH IVM Attendant 跨站脚本漏洞

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. a security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. PoC 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. PoC 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save...

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save Changes...

WordPress Plugin Mimetic Books 0.2.13 - &#039;Default Publisher ID field&#039; Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting XSS Date: 18/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/mimetic-books/ Version: 0.2.13 Category: Web Application Tested on Ma...

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...