2179 matches found
SQL Injection
cruddl is vulnerable to SQL injection attacks. The vulnerability exists because of missing sanitization in the query function in arangodb-adapter.ts, which allows a remote attacker to inject and execute malicious JavaScript in the system...
CVE-2022-37731
ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing...
wikmd Cross-Site Scripting Vulnerability
wikmd is a file-based wiki for individual developers of linbreux. A cross-site scripting vulnerability exists in versions of wikmd prior to 1.7.1, which originates from an attacker being able to capture a user's session cookie or execute malicious JavaScript while the victim is editing a markdown...
PT-2022-23169 · Wikmd · Wikmd
Name of the Vulnerable Software and Affected Versions: Wikmd versions prior to 1.7.1. Description: The issue allows an attacker to capture a user's session cookies or execute malicious JavaScript when a victim edits a markdown file. Recommendations: For versions prior to 1.7.1, update to version...
Cross-site Scripting (XSS)
francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the FileExtensionWhiteList function in FileUpload.fnc.php does not restrict unsanitized SVG files from being injected, which allows an attacker to execute malicious JavaScript and steal...
Cross-site Scripting (XSS)
x-data-spreadsheet is vulnerable to cross-site scripting. The vulnerability exists due to the missing sanitization of values inserted into the cells, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
getkirby/cms is vulnerable to cross-site scripting (XSS). The use of the v-html tag in MultiselectInput.vue allows an attacker to inject and execute malicious JavaScript through the dynamic options in the multi-select field...
Cross-site Scripting (XSS)
keycloak-wildfly-adduser is vulnerable to cross-site scripting. The vulnerability exists due to a lack of escaping in the Add use parameter, which allows a remote attacker to inject and execute malicious JavaScript in the system...
PT-2022-23925 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.11 P3 (6.11.0.3). Description: The issue allows a remote unauthenticated malicious user to potentially exploit a reflected XSS vulnerability by tricking a victim application user into supplying malicious...
Cross-site Scripting (XSS)
artemis-plugin is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the address and queue attributes in the ConsumersController function of consumers.js, allowing an attacker to show malicious content or redirect to malicious URLs in the web console b...
Reflected XSS via "stuffid" parameter
Description: The value for the stuffid parameter is reflected in the web context without proper filtering in place, making it possible to execute malicious JavaScript code. Testing Environment: 1. Windows OS 2. Firefox Browser. Proof of Concept: 1. Visit...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the SpoonLibrary does not properly handle uppercase characters, which allows remote authenticated attackers to inject and execute malicious JavaScript via the publishontime parameter...
Esri Portal For ArcGis Cross-Site Scripting Vulnerability
Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal For ArcGis, which stems from stored cross-site scripting (XSS) in configurable...
Renato Cross-Site Scripting Vulnerability
Renato is an open source knowledge base platform that uses static Markdown files to power your knowledge base. A security vulnerability exists in Renato version v0.17.0, which arises because an attacker with local access rights can upload a markdown file with malicious JavaScript that can be...
Cross-Site Scripting (XSS)
github.com/velocidex/velociraptor is vulnerable to cross-site scripting. The vulnerability exists in the Completer function in syntax.js due to improper sanitization in the description field which allows an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
firefox is vulnerable to cross-site scripting attacks. Directory indexes for bundled resources are reflected in URL parameters, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
libxml2.so is vulnerable to cross-site scripting. The vulnerability exists in the htmlAttrDumpOutput function in HTMLtree.c due to a lack of sanitization in the escaped variable which allows an attacker to inject and execute malicious javascript...
PT-2022-23962 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 11.2.1.53537. Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. Th...
Cross-site Scripting (XSS)
joplin is vulnerable to cross-site scripting. The vulnerability exists because the surroundKeywords function of string-utils.js does not properly escape malicious HTML code in the valueRegex and value parameters, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists in userreporttracks.php due to the lack of sanitization of user-supplied data, allowing an attacker to inject and execute malicious JavaScript or cause blind SSRF attacks...