2179 matches found

The Hacker News
added 2022/05/24 9:34 a.m., 31 views

Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and...

AI score: 0.2
Exploits: 0

WPVulnDB
added 2022/05/23 12:0 a.m., 17 views

Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

The plugin does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...

CVSS: 8.8, EPSS: 0.01233
Exploits: 2, Affected Software: 1

CNNVD
added 2022/05/23 12:0 a.m., 2 views

Rescue Dispatch Management System cross-site scripting vulnerability

Rescue Dispatch Management System is a rescue dispatch management system developed by Carlo Montero, an individual developer. Rescue Dispatch Management System contains a cross-site scripting vulnerability that could be exploited to inject malicious JavaScript programs, steal other users' cookies, etc...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00477
Exploits: 1, References: 4

Veracode
added 2022/05/20 4:17 a.m., 20 views

Cross-site Scripting (XSS)

OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the redirecturl parameter in the login function of views.py, allowing an attacker to inject and execute malicious javascript by redirecting to malicious URLs...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01275
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2022/05/20 3:46 a.m., 28 views

Cross-site Scripting (XSS)

para-core is vulnerable to cross-site scripting. The vulnerability exists because the compileMustache function of Utils.java does not properly escape the HTML when compiling mustache templates, allowing an attacker to inject and execute malicious javascript...

CVSS: 6.1, AI score: 6, EPSS: 0.00917
Exploits: 1, References: 4, Affected Software: 1

GitHub Security Blog
added 2022/05/14 1:27 a.m., 33 views

Cross-site Scripting in Jolokia agent

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVSS: 6.1, AI score: 3.5, EPSS: 0.25459
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2022/05/14 1:27 a.m., 28 views

GHSA-HFPG-GQJW-779M Cross-site Scripting in Jolokia agent

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

CVSS: 6.1, AI score: 5.9, EPSS: 0.25459
Exploits: 1, References: 7

Veracode
added 2022/05/13 4:31 a.m., 20 views

Cross-site Scripting (XSS)

facturascripts/facturascripts is vulnerable to reflected cross-site scripting. The vulnerability exists in the privateCore function of EditPageOption.php due to the lack of sanitization, which allows an attacker to inject and execute malicious javascript...

CVSS: 6.1, AI score: 2.4, EPSS: 0.00709
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2022/05/10 7:48 a.m., 14 views

Cross-site Scripting (XSS)

org.wso2.carbon.identity.application.authentication.framework is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the authenticationEndpointURL parameter in readAuthenticationEndpointURL function of FileBasedConfigurationBuilder.java...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00926
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2022/05/10 6:13 a.m., 21 views

Cross-site Scripting (XSS)

org.wso2.carbon.identity.mgt.endpoint.util is vulnerable to cross-site scripting. The vulnerability exists due to the lack of regular expression validation in the localVarPath parameter in the recover function of PasswordRecoveryApiV1.java, allowing an attacker to inject and execute malicious...

CVSS: 6.1, AI score: 6, EPSS: 0.00723
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2022/05/10 5:13 a.m., 16 views

Cross-site Scripting (XSS)

org.wso2.carbon.ui is vulnerable to cross-site scripting. The vulnerability exists due to the improper output encoding in the errorCode parameter in the getSafeText function of login.jsp, allowing an attacker to inject and execute malicious javascript...

CVSS: 6.1, AI score: 6, EPSS: 0.40481
Exploits: 5, References: 6, Affected Software: 1

Veracode
added 2022/05/09 5:19 a.m., 20 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize user input through the canonical tag, allowing an attacker to inject and execute malicious javascript...

CVSS: 7.2, AI score: 3.1, EPSS: 0.03715
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2022/05/06 6:57 a.m., 18 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross-site scripting. The vulnerability exists in the prepare function of PageRegular.php, allowing an attacker to inject and execute malicious javascript through the canonical tags...

AI score: 2.6
Exploits: 3, References: 5, Affected Software: 2

Veracode
added 2022/05/05 3:45 a.m., 18 views

Cross-site Scripting (XSS)

materialize-css is vulnerable to cross-site scripting. The highlight function of autocomplete.js does not properly escape the user input such as , allowing an attacker to inject and execute malicious javascript...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00979
Exploits: 1, References: 3, Affected Software: 1

CNNVD
added 2022/05/02 12:0 a.m., 3 views

WordPress plugin Import and export users and customers cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Import and export users and customers plugin...

CVSS: 4.8, AI score: 5, EPSS: 0.00646
Exploits: 2, References: 2

OSV
added 2022/05/01 1:15 p.m., 14 views

CVE-2022-23060

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS: 4.8, AI score: 5.6, EPSS: 0.00584
Exploits: 1, References: 2

OSV
added 2022/04/30 12:0 a.m., 16 views

GHSA-9HGC-WPC5-V8P9 An attacker can execute malicious javascript in Live Helper Chat

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious javascript on application...

CVSS: 6.1, AI score: 6, EPSS: 0.00622
Exploits: 1, References: 4

Cvelist
added 2022/04/29 8:50 a.m., 28 views

CVE-2022-1530 Cross-site Scripting (XSS) in livehelperchat/livehelperchat

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application...

CVSS: 3.8, AI score: 6.2, EPSS: 0.00622
Exploits: 1, References: 2

Malwarebytes
added 2022/04/29 8:1 a.m., 28 views

Ukraine government and pro-Ukrainian sites hit by DDoS attacks

The Computer Emergency Response Team in Ukraine (CERT-UA) has announced that Ukraine government web portals and pro-Ukraine sites are subjected to ongoing DDoS (distributed denial of service) attacks. They don't currently know who is behind these attacks. The attack involves injecting a malicious...

AI score: 0.1
Exploits: 0

Veracode
added 2022/04/28 3:28 a.m., 32 views

Cross-site Scripting (XSS)

esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the onsiteURL regular expression of antisamy-esapi.xml, allowing an attacker to inject and execute malicious javascript...

CVSS: 6.1, AI score: 2.8, EPSS: 0.01632
Exploits: 1, References: 7, Affected Software: 2