2179 matches found

Veracode
added 2023/10/06 6:35 a.m. · 22 views

Cross Site Scripting

HtmlSanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization when svg and math HTML tags are in the list of allowed elements. An attacker can exploit this vulnerability by injecting malicious JavaScript using svg and math HTML tags...

6.1 CVSS · 7.1 AI score · 0.00363 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2023/10/03 4:15 p.m. · 31 views

CVE-2023-4564

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.8 CVSS · 4.6 AI score · 0.00401 EPSS
Exploits 0 · References 3
Prion
added 2023/10/03 4:15 p.m. · 18 views

Design/Logic Flaw

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.3 CVSS · 5 AI score · 0.00401 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/10/03 3:22 p.m. · 25 views

CVE-2023-4564 Multiple vulnerabilities in Canopsis of Capensis

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...

4.7 CVSS · 5.2 AI score · 0.00401 EPSS
Exploits 0 · References 3
OSV
added 2023/10/03 2:4 p.m. · 2 views

USN-6406-1 mozjs102 vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

5.3 CVSS · 6.9 AI score · 0.01007 EPSS
Exploits 0 · References 2
OSV
added 2023/10/03 1:15 p.m. · 2 views

CVE-2023-32671

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation...

5.4 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits 0 · References 1
Veracode
added 2023/10/03 6:47 a.m. · 14 views

Cross Site Scripting

thorsten/phpmyfaq is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization of data. This can be exploited by an attacker to inject malicious JavaScript into the web application...

6.1 CVSS · 6.8 AI score · 0.00488 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/10/03 12:0 a.m. · 3 views

Canopsis Cross-Site Scripting Vulnerability

Canopsis is an open source hypervisor solution from Canopsis, Inc. A cross-site scripting vulnerability exists in Canopsis version 23.04-alpha3, which stems from a vulnerability that allows an attacker to store malicious JavaScript loads in the login footer and login page description parameters...

4.8 CVSS · 6.1 AI score · 0.00401 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-24024 · Nxlog · Nxlog Manager

Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633 Description: A Cross-Site Scripting XSS issue allows an attacker to inject malicious JavaScript into the Full Name field during user edit, due to improper sanitization of the input parameter. This enables the...

6.1 CVSS · 6 AI score · 0.00331 EPSS
Exploits 0 · References 5
Prion
added 2023/09/27 3:18 p.m. · 16 views

Cross site scripting

In WSFTP Server version prior to 8.8.2, a stored cross-site scripting XSS vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...

4.3 CVSS · 6 AI score · 0.00409 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/09/27 2:50 p.m. · 29 views

CVE-2023-40047 WS_FTP Server Stored Cross-Site Scripting Vulnerability

In WSFTP Server version prior to 8.8.2, a stored cross-site scripting XSS vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...

8.3 CVSS · 7.4 AI score · 0.00409 EPSS
Exploits 0 · References 2
NVD
added 2023/09/25 4:15 p.m. · 15 views

CVE-2023-4892

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...

5.7 CVSS · 5.6 AI score · 0.00385 EPSS
Exploits 1 · References 2
OSV
added 2023/09/25 4:15 p.m. · 20 views

CVE-2023-4892

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...

4.6 CVSS · 7 AI score
Exploits 0 · References 2
Prion
added 2023/09/25 4:15 p.m. · 9 views

Design/Logic Flaw

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...

4.9 CVSS · 4.9 AI score · 0.00385 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/09/25 3:55 p.m. · 17 views

CVE-2023-4892 Teedy v1.11 - Stored cross-site scripting (XSS)

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...

5.7 CVSS · 5.9 AI score · 0.00385 EPSS
Exploits 1 · References 2
WPVulnDB
added 2023/09/25 12:0 a.m. · 7 views

PageLayer < 1.7.8 - Author+ Stored XSS

Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...

5.4 CVSS · 5.6 AI score · 0.00415 EPSS
Exploits 2 · Affected Software 1
CNNVD
added 2023/09/25 12:0 a.m. · 3 views

Teedy Cross-Site Scripting Vulnerability

Teedy is a French open source, lightweight document management system for individuals and businesses. A security vulnerability exists in Teedy v1.11, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute malicious JavaScript code in a web...

5.7 CVSS · 6 AI score · 0.00385 EPSS
Exploits 1 · References 4
Prion
added 2023/09/20 5:15 p.m. · 13 views

Cross site scripting

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a reflected cross-site scripting XSS vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer...

5.8 CVSS · 6.1 AI score · 0.00481 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/09/20 12:0 a.m. · 3 views

Progress MOVEit Transfer Cross-Site Scripting Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer. An attacker could exploit the vulnerability to execute malicious JavaScript in the victim's browser environment...

6.1 CVSS · 6.9 AI score · 0.00481 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/09/13 1:1 p.m. · 6 views

CVE-2023-38215 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4 CVSS · 5.2 AI score · 0.00363 EPSS
Exploits 0 · References 1