
5077 matches found

CNNVD
added 2021/11/09 12:0 a.m. · 4 views

Thruk Cross-Site Scripting Vulnerability

Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. Thruk 2.40-2 suffers from a security vulnerability that allows an attacker to inject arbitrary JavaScript into status.cgi, which triggers a payload every time an authenticated us...

CVSS 6.1 · AI score 6.4 · EPSS 0.02628
Exploits 1 · References 3

Veracode
added 2021/11/08 4:40 a.m. · 14 views

Cross-site Scripting (XSS)

apostrophe is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in index.js allowing an attacker to insert arbitrary Javascript...

CVSS 5.4 · AI score 2.6 · EPSS 0.00483
Exploits 0 · References 2 · Affected Software 1

OpenVAS
added 2021/11/08 12:0 a.m. · 22 views

Mozilla Firefox Security Advisory (MFSA2020-05) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 8.8 · AI score 7.6 · EPSS 0.02274
Exploits 0 · References 6

CNNVD
added 2021/10/29 12:0 a.m. · 2 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability

IBM InfoSphere Information Server is a data integration platform from IBM Corporation in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a security vulnerability that allows users to embed arbitrary...

CVSS 5.4 · AI score 5.9 · EPSS 0.0048
Exploits 0 · References 4

Veracode
added 2021/10/26 1:36 p.m. · 14 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Displayname' input field in 'Profiles' module is not properly encoded, which allows a malicious attacker to inject and execute arbitrary javascript...

CVSS 5.4 · AI score 3.2 · EPSS 0.00576
Exploits 1 · References 3 · Affected Software 1

Veracode
added 2021/10/21 6:48 a.m. · 19 views

Cross-Site Scripting (XSS)

camaleoncms is vulnerable to cross-site scripting. The library does not properly sanitize the post's comment section, allowing malicious users to inject and execute malicious javascript...

CVSS 6.1 · AI score 3.7 · EPSS 0.00782
Exploits 0 · References 4 · Affected Software 1

0day.today
added 2021/10/21 12:0 a.m. · 303 views

Small CRM 3.0 - (description) Stored Cross-Site Scripting Vulnerability

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can inject javascript...

Exploits 0

Packet Storm
added 2021/10/21 12:0 a.m. · 360 views

Small CRM 3.0 Cross Site Scripting

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Date: 20/10/2021 Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can...

AI score 7.4
Exploits 0

Huntr
added 2021/10/20 1:1 p.m. · 9 views

Cross-site Scripting (XSS) - Stored in archerysec/archerysec

Description The application is vulnerable to a Stored XSS attack. It is possible for an authenticated user to inject a JavaScript payload that will be executed in the web browser of the users viewing the concerned pages. When uploading a Burp scan, the XML field "issueBackground" of a vulnerabili...

AI score 0.2
Exploits 0 · References 1

NVD
added 2021/10/15 12:15 p.m. · 26 views

CVE-2021-42335

Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...

CVSS 5.4 · EPSS 0.00567
Exploits 0 · References 1

CNNVD
added 2021/10/15 12:0 a.m. · 2 views

ShinHer StudyOnline System Cross-Site Scripting Vulnerability

ShinHer StudyOnline System is a school administration system from ShinHer, a Chinese company. special characters in the title parameter. An attacker could use this vulnerability to inject JavaScript and execute a stored XSS attack after logging in with user privileges...

CVSS 5.4 · AI score 5.6 · EPSS 0.00567
Exploits 0 · References 2

OSV
added 2021/10/14 4:15 p.m. · 3 views

CVE-2021-38344

The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...

CVSS 5.4 · AI score 6.1 · EPSS 0.00609
Exploits 1 · References 1

Positive Technologies
added 2021/10/14 12:0 a.m. · 3 views

PT-2022-4661 · Otrs +1 · Otrs +1

Name of the Vulnerable Software and Affected Versions: OTRS affected versions not specified Description: The issue allows an attacker logged in as an admin user to manipulate the customer URL field, storing JavaScript code that can be executed later by any agent when clicking the customer URL lin...

CVSS 9.8 · AI score 4.9 · EPSS 0.01273
Exploits 0 · References 31

CNVD
added 2021/10/09 12:0 a.m. · 4 views

Calibre-Web Cross-Site Scripting Vulnerability

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. A cross-site scripting vulnerability exists in the Calibre-web application versions v0.6.0 through v0.6.12, which can be exploited by an attacker to inject JavaScript exploit script into the...

CVSS 5.4 · AI score 6 · EPSS 0.00531
Exploits 0 · References 1

NVD
added 2021/10/08 4:15 p.m. · 13 views

CVE-2021-41567

The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVSS 6.1 · EPSS 0.00612
Exploits 0 · References 1

OSV
added 2021/10/08 4:15 p.m. · 1 views

CVE-2021-41563

Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

CVSS 6.1 · AI score 5.8 · EPSS 0.00612
Exploits 0 · References 1

CVE
added 2021/10/08 3:15 p.m. · 34 views

CVE-2021-41565

CVE-2021-41565 affects Tad Tools TadTools. The issue is a cross-site scripting vulnerability caused by insufficient validation of input on a special page parameter, enabling remote attackers to inject JavaScript without logging in and potentially perform reflective XSS. Primary impact is client-s...

CVSS 6.1 · AI score 6.1 · EPSS 0.00722
Exploits 0 · References 1 · Affected Software 1

Veracode
added 2021/10/08 4:47 a.m. · 9 views

Cross-Site Scripting (XSS)

djangounicorn is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript through component.name...

CVSS 5.4 · AI score 6 · EPSS 0.02524
Exploits 4 · References 5 · Affected Software 1

CNNVD
added 2021/10/07 12:0 a.m. · 2 views

Zammad Cross-Site Scripting Vulnerability

Zammad is a Web-based open source help desk/customer support system. An attacker could upload an attachment to a "work order" via an "article", which could be exploited to inject malicious JavaScript code...

CVSS 5.4 · AI score 5.7 · EPSS 0.00503
Exploits 0 · References 2

NVD
added 2021/10/06 9:15 p.m. · 12 views

CVE-2021-42044

An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...

CVSS 4.8 · EPSS 0.00616
Exploits 1 · References 2