5077 matches found

CNVD
added 2021/05/25 12:0 a.m., 3 views

Mediat Cross-Site Scripting Vulnerability

Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...

CVSS 6.1, AI score 6, EPSS 0.00839
Exploits: 1, References: 1

CNVD
added 2021/05/25 12:0 a.m., 5 views

Gris CMS Cross-Site Scripting Vulnerability

Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...

CVSS 6.1, AI score 6.1, EPSS 0.00812
Exploits: 1, References: 1

CNNVD
added 2021/05/25 12:0 a.m., 5 views

OpenWrt LuCI Web Interface Cross-Site Scripting Vulnerability

OpenWrt LuCI is a graphical configuration interface for the OpenWrt Linux distribution. A cross-site scripting vulnerability in the web interface of OpenWrt LuCI version 19.07 allows attackers to inject arbitrary JavaScript into OpenWrt hostnames via a hostname change operation...

CVSS 5.4, AI score 5.5, EPSS 0.00562
Exploits: 0, References: 3

CNNVD
added 2021/05/24 12:0 a.m., 2 views

Mediat Cross-Site Scripting Vulnerability

Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...

CVSS 6.1, AI score 5.3, EPSS 0.00839
Exploits: 1, References: 1

Veracode
added 2021/05/21 3:15 a.m., 22 views

Cross-site Scripting (XSS)

vrana/adminer is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser via a link argument in the function doclink...

CVSS 7.5, AI score 3.7, EPSS 0.09572
Exploits: 1, References: 3, Affected Software: 2

CNVD
added 2021/05/21 12:0 a.m., 6 views

WordPress plugin cross-site scripting vulnerability (CNVD-2021-37282)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source WordPress application plugin. A cross-site scripting vulnerability exists in the Store...

CVSS 6.1, AI score 6.1, EPSS 0.00826
Exploits: 1, References: 1

NVD
added 2021/05/19 8:15 p.m., 12 views

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 8.1, EPSS 0.01037
Exploits: 0, References: 3

Prion
added 2021/05/19 8:15 p.m., 12 views

Cross site scripting

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 4.3, AI score 5.9, EPSS 0.01037
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2021/05/19 7:55 p.m., 20 views

CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 8.1, AI score 7.8, EPSS 0.01037
Exploits: 0, References: 3

Node.js
added 2021/05/17 9:1 p.m., 66 views

Cross-site scripting in jspdf

Overview: In jspdf before version 2.0.0 it is possible to inject JavaScript code via the html method. Recommendation: Upgrade to version 2.0.0 or later. References: CVE, GitHub Advisory...

CVSS 4.3, AI score 3.1, EPSS 0.00968
Exploits: 1, Affected Software: 1

OSV
added 2021/05/17 5:15 p.m., 2 views

CVE-2021-24290

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...

CVSS 6.1, AI score 6.4
Exploits: 0, References: 2

CVE
added 2021/05/17 4:48 p.m., 42 views

CVE-2021-24290

Store Locator Plus for WordPress (plugin) versions up to 5.5.15 are affected by an unauthenticated stored cross-site scripting (XSS) vulnerability. The CVE describes multiple endpoints that could allow an attacker to inject malicious JavaScript into pages. Affected component: the WordPress plugin...

CVSS 6.1, AI score 6.3, EPSS 0.00826
Exploits: 1, References: 2, Affected Software: 1

UbuntuCve
added 2021/05/17 4:15 p.m., 22 views

CVE-2019-14827

A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

CVSS 6.1, AI score 6.3, EPSS 0.00668
Exploits: 0, References: 3

Prion
added 2021/05/17 4:15 p.m., 12 views

Design/Logic Flaw

A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

CVSS 4.3, AI score 6.2, EPSS 0.00668
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/05/17 4:15 p.m., 3 views

UBUNTU-CVE-2019-14827

A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

CVSS 6.1, AI score 6.3, EPSS 0.00668
Exploits: 0, References: 4

Cvelist
added 2021/05/17 3:37 p.m., 14 views

CVE-2019-14827

A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

AI score 6.2, EPSS 0.00668
Exploits: 0, References: 2

CVE
added 2021/05/17 3:37 p.m., 55 views

CVE-2019-14827

CVE-2019-14827 concerns Moodle where JavaScript injection is possible in some Mustache templates due to recursive rendering from contexts. The root cause is that Mustache helper tags in template contexts were not escaped before being injected into another Mustache helper, enabling potential scrip...

CVSS 6.1, AI score 6.2, EPSS 0.00668
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2021/05/14 12:0 a.m., 7 views

IBM QRadar SIEM Cross-Site Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...

CVSS 6.1, AI score 6.2, EPSS 0.00653
Exploits: 0, References: 1

CNVD
added 2021/05/11 12:0 a.m., 23 views

Huawei P30 JavaScript injection vulnerability

Huawei P30 is a smartphone from Huawei China. The Huawei P30 is vulnerable to JavaScript injection, which attackers can exploit by sending malicious application requests...

CVSS 7.5, AI score 1.9, EPSS 0.00721
Exploits: 0, References: 1

CNVD
added 2021/05/11 12:0 a.m., 2 views

Sourcecodester Equipment Inventory System Cross-Site Scripting Vulnerability

Sourcecodester Equipment Inventory System is a Sourcecodester open source application. It is used to organize and track its equipment. Sourcecodester Equipment Inventory System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary javascrip...

CVSS 5.4, AI score 6.2, EPSS 0.00774
Exploits: 1, References: 1