
2179 matches found

Veracode
added 2022/11/23 9:47 p.m. · 25 views

Cross-Site Scripting (XSS)

activemq is vulnerable to cross-site scripting attacks. The vulnerability exists in the web based administration console on the message.jsp which allows an attacker to inject and execute malicious javascript...

6.1 CVSS · 6.2 AI score · 0.78972 EPSS
Exploits 0 · References 10 · Affected Software 1
Veracode
added 2022/11/23 4:57 a.m. · 21 views

Cross-site Scripting (XSS)

kiwitcms is vulnerable to cross-site scripting. The vulnerability exists in diffobjects function in history.py due to lack of validation of the store values which allows a remote attacker to inject and execute malicious javascript into system...

5.4 CVSS · 5.4 AI score · 0.00454 EPSS
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2022/11/23 12:00 a.m. · 3 views

Moodle Cross-Site Scripting Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.9.0 and later, 3.9.18 and earlier, 3.11.0 and later, 3.11.11 and...

6.1 CVSS · 5.6 AI score · 0.00671 EPSS
Exploits 0 · References 9
Huntr
added 2022/11/22 4:09 p.m. · 8 views

DOM-based Cross-site Scripting (DXSS) Vulnerability

Description: Two CalendarXP products have DXSS vulnerability in common parts of HTML files. CalendarXP FlatCalendarXP through 10.0.1 has DXSS vulnerability in iflateng.htm and nflateng.htm, and CalendarXP PopCalendarXP through 10.0.1 has DXSS vulnerability in ipopeng.htm and npopeng.htm. Proof of...

0.3 AI score
Exploits 0
OSV
added 2022/11/21 9:30 p.m. · 16 views

GHSA-HF94-8MX5-2VVJ Cross-site Scripting in kiwitcms

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

5.4 CVSS · 5.5 AI score · 0.00454 EPSS
Exploits 1 · References 3
Veracode
added 2022/11/21 1:40 p.m. · 5 views

Cross-Site Scripting (XSS)

ezsystems/ezplatform-admin-ui is vulnerable to cross-site scripting. The vulnerability exists because the admin privileges are not properly handled when editing content types which allows an attacker to inject and execute malicious javascript in the content type entries...

2.6 AI score
Exploits 0
Veracode
added 2022/11/21 11:28 a.m. · 13 views

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the map items in print-alert-rules.php, which allows a remote attacker to inject and execute malicious JavaScript into the system...

6.1 CVSS · 6 AI score · 0.00519 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2022/11/21 12:00 a.m. · 6 views

CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

7.1 CVSS · 5.4 AI score · 0.00454 EPSS
Exploits 1 · References 2
Cvelist
added 2022/11/21 12:00 a.m. · 51 views

CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

7.1 CVSS · 5.5 AI score · 0.00454 EPSS
Exploits 1 · References 2
CVE
added 2022/11/21 12:00 a.m. · 80 views

CVE-2022-4105

CVE-2022-4105 refers to a stored XSS in Kiwi TCMS’s kiwi Test Plan. The vulnerability allows attacker-supplied JavaScript to execute in the context of the application, potentially enabling a chained HTML injection that can perform a UI redressing attack (clickjacking) and an HTML injection that d...

7.1 CVSS · 5.6 AI score · 0.00454 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/11/21 12:00 a.m. · 28 views

CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

7.1 CVSS · 6.1 AI score · 0.00454 EPSS
Exploits 1 · References 4
Prion
added 2022/11/16 2:15 p.m. · 22 views

Code injection

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

4.9 CVSS · 5.7 AI score · 0.00413 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/16 1:23 p.m. · 5 views

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

6.4 CVSS · 7 AI score · 0.00413 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/11/16 12:00 a.m. · 3 views

PT-2022-25291 · WordPress · Svg Support

Name of the Vulnerable Software and Affected Versions: SVG Support plugin for WordPress versions 2.5 through 2.5.1
Description: The SVG Support plugin for WordPress defaults to insecure settings, allowing authenticated attackers with author-level privileges and higher to upload malicious SVG file...

6.4 CVSS · 5.8 AI score · 0.00413 EPSS
Exploits 0 · References 5
Cvelist
added 2022/11/15 1:25 p.m. · 28 views

CVE-2022-3240 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...

8.8 CVSS · 8.5 AI score · 0.00552 EPSS
Exploits 1 · References 3
Veracode
added 2022/11/15 2:34 a.m. · 16 views

Cross-site Scripting (XSS)

Concrete CMS is vulnerable to cross-site scripting. The vulnerability exists due to the unsanitized outputs in icons.php, allowing an attacker to inject and execute malicious JavaScript...

6.1 CVSS · 6 AI score · 0.0059 EPSS
Exploits 0 · References 10 · Affected Software 2
Veracode
added 2022/11/04 3:27 a.m. · 31 views

Cross-site Scripting (XSS)

tribalsystems/zenario is vulnerable to cross-site scripting attacks. The vulnerability exists due to a lack of sanitization in the adminorganizer.js of the component error log module, allowing an attacker to inject and execute malicious javascript into the system...

6.1 CVSS · 5.8 AI score · 0.00395 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2022/10/31 9:15 p.m. · 10 views

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

9.6 CVSS · 0.00687 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/10/31 8:14 p.m. · 3 views

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

8.8 CVSS · 8.7 AI score · 0.00687 EPSS
Exploits 0 · References 1
Cvelist
added 2022/10/31 8:14 p.m. · 12 views

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

8.8 CVSS · 8.8 AI score · 0.00687 EPSS
Exploits 0 · References 1