
2179 matches found

CNNVD
added 2022/04/21 12:0 a.m. | 5 views

Adobe Acs-aem-commons Cross-Site Scripting Vulnerability

Adobe Acs-aem-commons is a Java-based codebase of AEM/CQ code collections generated from AEM by Adobe U.S. Adobe Acs-aem-commons 5.1.x and earlier versions contain a cross-site scripting vulnerability that could be exploited by an attacker to inject malicious JavaScript content into vulnerable fo...

CVSS 6.1 | AI score 5.4 | EPSS 0.00994
Exploits: 0 | References: 3

NVD
added 2022/04/20 7:15 p.m. | 21 views

CVE-2022-24864

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

CVSS 5.4 | EPSS 0.00611
Exploits: 0 | References: 3

Prion
added 2022/04/20 7:15 p.m. | 15 views

Design/Logic Flaw

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

CVSS 3.5 | AI score 5.6 | EPSS 0.00611
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2022/04/20 6:25 p.m. | 24 views

CVE-2022-24864 Malicious Javascript injection in OriginProtocol/origin-website

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

CVSS 4.1 | AI score 5.8 | EPSS 0.00611
Exploits: 0 | References: 3

CVE
added 2022/04/20 6:25 p.m. | 85 views

CVE-2022-24864

CVE-2022-24864 affects Origin Protocol’s origin-website: an attacker can inject malicious JavaScript by posting to /presale/join. User-controlled data is sent to SendGrid without sanitization and inserted into an email addressed to [email protected]. If the recipient’s email client is s...

CVSS 5.4 | AI score 5 | EPSS 0.00611
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2022/04/18 12:0 a.m. | 14 views

ThoughtWorks GoCD Cross-Site Scripting Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A cross-site scripting vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by an attacker controlling a GoCD agent to plant malicious JavaScript into a failed job report...

CVSS 5.4 | AI score 1.3 | EPSS 0.00872
Exploits: 1 | References: 1

NVD
added 2022/04/14 1:15 p.m. | 12 views

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVSS 5.4 | EPSS 0.00872
Exploits: 1 | References: 3

OSV
added 2022/04/14 1:15 p.m. | 20 views

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVSS 5.4 | AI score 6.8
Exploits: 0 | References: 3

Cvelist
added 2022/04/14 12:55 p.m. | 17 views

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

AI score 5.8 | EPSS 0.00872
Exploits: 1 | References: 3

Veracode
added 2022/03/25 6:6 a.m. | 16 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious JavaScript via the description of a new module due to the lack of validations...

CVSS 5.4 | AI score 3.4 | EPSS 0.00671
Exploits: 1 | References: 5 | Affected Software: 1

CNVD
added 2022/03/17 12:0 a.m. | 15 views

Xbtit Cross-Site Scripting Vulnerability

Xbtit is a tracker software. A cross-site scripting vulnerability exists in Xbtit version 3.1. The vulnerability occurs when /ajaxchat/sendChatData.php fails to properly validate the value of the "n" POST parameter. An attacker could exploit this vulnerability to execute malicious JavaScript code...

CVSS 4.3 | AI score 5.9 | EPSS 0.01039
Exploits: 1 | Affected Software: 1

NVD
added 2022/03/16 4:15 p.m. | 24 views

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...

CVSS 6.1 | EPSS 0.01039
Exploits: 1 | References: 3

Cvelist
added 2022/03/16 3:26 p.m. | 30 views

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...

AI score 6 | EPSS 0.01039
Exploits: 1 | References: 3

Veracode
added 2022/03/16 3:25 a.m. | 21 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the pricing rule of online shop in EcommerceFrameworkBundle, image thumbnails in settings, and video thumbnails in settings...

CVSS 5.4 | AI score 1.7 | EPSS 0.0079
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2022/03/12 12:0 a.m. | 2 views

Microweber Cross-Site Scripting Vulnerability

Microweber is a drag-and-drop website builder and CMS based on the PHP Laravel framework. Microweber suffers from a cross-site scripting vulnerability, which can be exploited by attackers to upload . azhtml file e.g. ahtml, bhtml, chtml, ddhtml, as long as it ends in html. After uploading,...

CVSS 8 | AI score 5.4 | EPSS 0.00895
Exploits: 1 | References: 3

Huntr
added 2022/03/11 7:16 p.m. | 6 views

Reflected XSS

Description: Privacy Consent in ForkCMS v 5.11.0 Setting unsanitized user input resulting in Reflected XSS. Proof of Concept. Endpoint: (1) http://IP/private/en/settings/index. Steps: (1) Login to ForkCMS; (2) Go to Settings - General; (3) Insert payload on "Technical Name" user input at "Privacy Consent" panel...

Exploits: 0

OSV
added 2022/03/09 12:0 a.m. | 16 views

GHSA-5RCC-6CMJ-7728 Cross-site Scripting in BookStack

Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop this type of...

CVSS 5.4 | AI score 5.6 | EPSS 0.0077
Exploits: 1 | References: 4

Huntr
added 2022/03/05 2:24 p.m. | 31 views

Cross-site Scripting (XSS) - Stored

Description: Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop thi...

CVSS 3.5 | AI score 2.1 | EPSS 0.0077
Exploits: 1

Veracode
added 2022/02/25 6:59 a.m. | 21 views

Cross-site Scripting (XSS)

@awsui/components-react is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript as the library does not properly sanitize the user input...

CVSS 8.8 | AI score 2.4 | EPSS 0.00665
Exploits: 0 | References: 3 | Affected Software: 1

The Hacker News
added 2022/02/23 6:30 a.m. | 55 views

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question...

AI score 1.2
Exploits: 0