5082 matches found
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of HTML elements validation in login.php, which allows an attacker to inject and execute malicious JavaScript into the browser...
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 44, 9.x < 9.0.0 Patch 37, 10.0.x < 10.0.5 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - A security related issue has been fixed to prevent javascript injection through help files. CVE-2007-1280 - A security related issue has been fixed which impacted one of...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
GO-2023-2114 Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml
The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting XSS in the IdP context durin...
GHSA-FGJJ-5JMR-GH83 Fides JavaScript Injection Vulnerability in Privacy Center URL
Impact The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...
PT-2023-8372 · Ibm · Ibm Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
nodejs: code injection via WebAssembly export names
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...
SUSE CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2023-82675)
Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. A cross-site scripting vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of effective...
CVE-2023-5087
The CVE-2023-5087 vulnerability affects the WordPress Page Builder: Pagelayer plugin prior to version 1.7.8. According to connected sources, users with author-level privileges (or higher) could inject malicious JavaScript into a post’s header or footer via the PageLayer editor, leading to a store...
UBUNTU-CVE-2023-5421
An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
2023 Mount Carmel School 6.4.1 Cross Site Scripting
Title: 2023-Mount-Carmel-School-6.4.1 XSS-Reflected - User Interaction Author: nu11secur1ty Date: 10/14/2023 Vendor: https://smart-school.in/ Software: https://demo.smart-school.in/site/userlogin Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected Description: The...
PT-2023-15879 · Classlink · Classlink Oneclick Extension
Name of the Vulnerable Software and Affected Versions: ClassLink OneClick Extension versions through 10.7 Description: A Universal Cross Site Scripting UXSS issue allows remote attackers to inject JavaScript into any webpage. This is because a regular expression, which validates whether a URL is...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
CVE-2022-48612
A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression validating whether a URL is controlled by ClassLink is not present in all applicable places...
SAML Cross-Site Scripting Vulnerability
SAML is a library for Ross Kinder individual developers that contains a partial implementation of the saml standard in golang. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. A cross-site scripting vulnerability exist...
ClassLink Cross-Site Scripting Vulnerability
ClassLink is a provider of identity and access management products from ClassLink, Inc. that provide instant access to applications and files through SSO, class scheduling, account configuration, and more. A security vulnerability exists in ClassLink OneClick Extension version 10.7 that stems fro...
Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x and 20.x that originates in the WebAssembly module where JavaScript code can be injected via maliciously crafted export names...