5082 matches found

Veracode
added 2023/03/16 12:15 p.m., 14 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the SEO and Settings feature because it does not properly validate the HTML tags, which allows attackers to inject and execute malicious JavaScript into the browser...

AI score: 2.3
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2023/03/14 9:53 a.m., 27 views

Stored Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to adding media segment in the videoThumbnailUpdateAction function in SettingsController.php which allows an attacker to inject and execute JavaScript in the browser when viewing the video...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00401
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2023/03/14 8:45 a.m., 18 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the getTabPanel function in admin.js caused by the From and To fields when searching in the Application Logger module which allows an attacker to inject and execute arbitrary JavaScript...

CVSS: 4.8, AI score: 5.4, EPSS: 0.00415
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2023/03/14 12:0 a.m., 35 views

Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...

CVSS: 6.1, AI score: 5.7, EPSS: 0.01135
Exploits: 0, References: 4

Veracode
added 2023/03/13 1:32 a.m., 24 views

Cross-site Scripting (XSS)

sogo is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the NSString+Utilities.m of Mail Handler, allowing an attacker to inject and execute malicious JavaScript...

CVSS: 6.1, AI score: 6, EPSS: 0.00559
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2023/03/10 12:0 a.m., 4 views

CVE-2023-0746 XSS Vulnerability in GigaVue-FM

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting...

CVSS: 6.3, AI score: 6.3, EPSS: 0.00353
Exploits: 0, References: 1

CNNVD
added 2023/03/10 12:0 a.m., 3 views

iFAX AvantFAX Cross-Site Scripting Vulnerability

iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from a stored cross-site scripting (XSS) vulnerability that can...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00523
Exploits: 1, References: 3

CNVD
added 2023/03/09 12:0 a.m., 8 views

answer cross-site scripting vulnerability (CNVD-2023-31163)

answer is knowledge-based open source community software. You can use it to quickly build product technical support, customer support, user communication and other Q&A community. Answer versions prior to 1.0.6 have a cross-site scripting vulnerability that can be exploited by attackers to inject...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00522
Exploits: 1, References: 1

CNNVD
added 2023/03/07 12:0 a.m., 3 views

answer cross-site scripting vulnerability

answer is knowledge-based open source community software. You can use it to quickly build product technical support, customer support, user communication and other Q&A community. Answer versions prior to 1.0.6 have a cross-site scripting vulnerability that can be exploited by attackers to inject...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00522
Exploits: 1, References: 3

NVD
added 2023/03/06 7:15 a.m., 14 views

CVE-2023-22856

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...

CVSS: 8.5, AI score: 7.8, EPSS: 0.00375
Exploits: 0, References: 1

Vulnrichment
added 2023/03/06 6:26 a.m., 6 views

CVE-2023-22857 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...

CVSS: 8.5, AI score: 6.3, EPSS: 0.00362
Exploits: 0, References: 1

Vulnrichment
added 2023/03/06 6:23 a.m., 5 views

CVE-2023-22856 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...

CVSS: 8.5, AI score: 6.3, EPSS: 0.00375
Exploits: 0, References: 1

CNNVD
added 2023/03/06 12:0 a.m., 4 views

BlogEngine Cross-Site Scripting Vulnerability

BlogEngine is an open source ASP.NET blog system. The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploits this vulnerability to inject arbitrary JavaScript in the secure environment of a blog visitor by...

CVSS: 8.5, AI score: 5.9, EPSS: 0.00362
Exploits: 0, References: 2

Positive Technologies
added 2023/03/06 12:0 a.m., 3 views

PT-2023-18732 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0
Description: A stored Cross-site Scripting (XSS) vulnerability allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...

CVSS: 8.5, AI score: 5.5, EPSS: 0.00362
Exploits: 0, References: 7

Veracode
added 2023/03/02 2:44 a.m., 20 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the GDPR export email address input, which allows an attacker to inject and execute arbitrary JavaScript into the system...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00403
Exploits: 1, References: 4, Affected Software: 1

RedHat Linux
added 2023/03/01 10:2 p.m., 5 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS: 6.9, AI score: 6.5, EPSS: 0.99019
Exploits: 7, References: 5

RedHat Linux
added 2023/03/01 9:45 p.m., 3 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS: 6.9, AI score: 6.5, EPSS: 0.99019
Exploits: 7, References: 5

Positive Technologies
added 2023/02/28 12:0 a.m., 2 views

PT-2023-21055 · Git +1 · Opencats

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: The issue involves improper neutralization of input during web page generation. This allows an unauthenticated attacker to submit malicious Javascript a...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00596
Exploits: 1, References: 5

Veracode
added 2023/02/27 12:16 p.m., 30 views

Reflected Cross-site Scripting (XSS)

generator-hottowel is vulnerable to Reflected Cross-site Scripting (XSS) attacks. The library does not properly handle invalid calls to assets as it uses a custom 404 response object, allowing an attacker to inject and execute JavaScript through the app.use function in app/templates/src/server/app....

CVSS: 6.1, AI score: 2.1, EPSS: 0.0053
Exploits: 0, References: 5, Affected Software: 1

Rapid7 Blog
added 2023/02/24 8:8 p.m., 49 views

Metasploit Wrap-Up

Basic discover script improvements

This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...

AI score: 8.8, EPSS: 0.97653
Exploits: 21