
5956 matches found

CNNVD
added 2021/10/26 12:0 a.m. | 4 views

Redis Labs Redis cross-site scripting vulnerability

Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A cross-site scripting vulnerability exists in ASRedis versions prior to 0.5, which can be exploited ...

6.4 CVSS | 5.6 AI score | 0.00989 EPSS
Exploits 1 | References 3
CNNVD
added 2021/10/26 12:0 a.m. | 4 views

Shopware cross-site scripting vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware in versions prior to 5.7.6 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the...

5.7 CVSS | 5.6 AI score | 0.00737 EPSS
Exploits 0 | References 5
Huntr
added 2021/10/25 8:56 p.m. | 16 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description: When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept: I downloaded this module...

3.5 CVSS | 5.6 AI score | 0.00671 EPSS
Exploits 1
OSV
added 2021/10/25 7:43 p.m. | 16 views

GHSA-W7X8-CQ7R-G5G9 Cross Site Scripting in Microweber

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

6.1 CVSS | 6.1 AI score | 0.01029 EPSS
Exploits 1 | References 3
OSV
added 2021/10/25 1:15 p.m. | 23 views

CVE-2021-25977

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

5.4 CVSS | 5.8 AI score | 0.0063 EPSS
Exploits 0 | References 2
Prion
added 2021/10/25 1:15 p.m. | 16 views

Design/Logic Flaw

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

3.5 CVSS | 5.2 AI score | 0.0063 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2021/10/25 1:10 p.m. | 7 views

CVE-2021-25977 Piranha CMS - Stored XSS in Page Title

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

5.4 CVSS | 5.9 AI score | 0.0063 EPSS
Exploits 0 | References 2
Cvelist
added 2021/10/25 1:10 p.m. | 28 views

CVE-2021-25977 Piranha CMS - Stored XSS in Page Title

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

5.4 CVSS | 5.5 AI score | 0.0063 EPSS
Exploits 0 | References 2
CNNVD
added 2021/10/25 12:0 a.m. | 3 views

Akaunting cross-site scripting vulnerability

Akaunting, an application from Akaunting, Inc., provides all the tools needed to manage funds online. Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...

5.4 CVSS | 5.5 AI score | 0.00596 EPSS
Exploits 1 | References 2
Github Security Blog
added 2021/10/22 4:24 p.m. | 49 views

Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content...

6.1 CVSS | 6 AI score | 0.01066 EPSS
Exploits 1 | References 3 | Affected Software 2
CNNVD
added 2021/10/21 12:0 a.m. | 3 views

McAfee Epolicy Orchestrator cross-site scripting vulnerability

McAfee Epolicy Orchestrator (McAfee Epo) is a U.S.-based solution for managing endpoint, network, data security, and compliance. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator, which can be exploited by an attacker to run JavaScript code in the context of a Web site...

4.8 CVSS | 5.1 AI score | 0.00543 EPSS
Exploits 0 | References 3
CNNVD
added 2021/10/21 12:0 a.m. | 3 views

McAfee Epolicy Orchestrator cross-site scripting vulnerability

McAfee Epolicy Orchestrator (McAfee Epo) is a U.S.-based solution for managing endpoint, network, data security, and compliance. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator that originates from an attacker being able to trigger cross-site scripting in McAfee ePO in...

5.4 CVSS | 5.5 AI score | 0.00441 EPSS
Exploits 0 | References 3
NVD
added 2021/10/19 5:15 p.m. | 15 views

CVE-2021-33988

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

6.1 CVSS | 0.01029 EPSS
Exploits 1 | References 1
Prion
added 2021/10/19 5:15 p.m. | 16 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

4.3 CVSS | 6.2 AI score | 0.01029 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2021/10/19 4:53 p.m. | 20 views

CVE-2021-33988

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

6.4 AI score | 0.01029 EPSS
Exploits 1 | References 1
Huntr
added 2021/10/19 9:12 a.m. | 45 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description: XSS in the question asking session feedback page. Proof of Concept: Hi'" link https://demo.fork-cms.com/private/en/faq/edit?token=u1xyihius6&id=1 paste the payload in the question section and view the question in link. Impact: custom JavaScript code execution, session stealing etc...

0.5 AI score
Exploits 0
CNNVD
added 2021/10/19 12:0 a.m. | 3 views

Microweber cross-site scripting vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber CMS version 1.2.7, which can be exploited ...

6.1 CVSS | 6.5 AI score | 0.01029 EPSS
Exploits 1 | References 3
OSV
added 2021/10/18 9:15 p.m. | 2 views

CVE-2021-41156

anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browsertoday hidden control on a few pages to collect today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...

5.4 CVSS | 5.8 AI score | 0.00478 EPSS
Exploits 0 | References 1
Prion
added 2021/10/18 9:15 p.m. | 17 views

Design/Logic Flaw

anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browsertoday hidden control on a few pages to collect today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...

3.5 CVSS | 5.6 AI score | 0.00478 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2021/10/15 3:15 p.m. | 2 views

CVE-2021-40721

Adobe Connect version 11.2.3 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

6.1 CVSS | 6.8 AI score | 0.00976 EPSS
Exploits 0 | References 1