CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists in the sanitise function of HTMLEditorSanitiser.php because of using white space characters in HTMLEditor which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists in the sanitise function of HTMLEditorSanitiser.php because of uppercase characters in HTMLEditor which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
Silverstripe is vulnerable to cross-site scripting. The vulnerability exists in $allowedextensions array of File.php because of uploading .gpx files which allows an attacker to inject and execute malicious JavaScript...
Ecommerce 1.0 Cross Site Scripting / Open Redirect
Title: Ecommerse-1.0 XSS-Reflected Hijack-credentials - JavaScript Injection Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to cross-site scripting. The vulnerability exists due to unsanitized outputs in pagereport.php, allowing an attacker to inject and execute malicious JavaScript...
WordPress plugin Follow Me Plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Follow Me Plugin 3.1.1 and...
Cross-Site Scripting (XSS)
github.com/phachon/mm-wiki is vulnerable to cross-site scripting. The vulnerability exists in the create new space page when sending a POST because the inputs are not properly sanitized, which allows an attacker to inject and execute JavaScript...
IBM Cloud Pak for Security Cross-Site Scripting Vulnerability
IBM Cloud Pak for Security is an application from International Business Machines (IBM), Inc.: an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster. IBM Cloud Pak for Security has a security vulnerability th...
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical severity. It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have...
CVE-2022-31688
VMware Workspace ONE Assist prior to 22.10 contains a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window...
PT-2022-24950 · Unknown · Octocat.Js
Name of the Vulnerable Software and Affected Versions: octocat.js versions prior to 1.2 Description: The issue concerns JavaScript injection via user-provided URLs. Users can include their own images for accessories via provided URLs, which are not validated, resulting in the potential execution ...
Cross-site Scripting (XSS)
github.com/eolinker/apinto-dashboard is vulnerable to cross-site scripting (XSS) attacks. A remote authenticated attacker is able to inject and execute malicious JavaScript on the victim's machine via the argument callbacks in the /login file...
CVE-2022-39016
JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...
CVE-2022-39016 JavaScript injection in PDFtron in M-Files Hubshare
JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...
CVE-2022-39016
The CVE-2022-39016 issue affects M‑Files Hubshare prior to 3.3.10.9, where a JavaScript injection in PDFtron enables an authenticated attacker to perform an account takeover via a crafted PDF upload. Impact is described as takeover with high confidentiality, integrity, and availability implicatio...
CVE-2022-39024
U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform a reflected cross-site scripting (XSS) attack...