Cross-site Scripting (XSS)
openmct is vulnerable to cross-site scripting. The library does not properly escape the URL field in the Summary Widget element, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
remdex/livehelperchat is vulnerable to cross-site scripting. The library has stored XSS in the customercompanynameValueParam field on the Chat configuration page, allowing an attacker to inject and execute malicious JavaScript in the user's browser, resulting in compromised user accounts...
OTRS cross-site scripting vulnerability (CNVD-2022-13927)
OTRS is an open source defect tracking and management system software. OTRS suffers from a cross-site scripting vulnerability that originates in a dynamic field that can be configured by OTRS administrators, where malicious JavaScript code can be injected in the error message of a regular...
CVE-2022-23054
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...
Cross-site Scripting (XSS) - Generic
Description: The user-controlled GET `user` parameter in index.php is unsanitized, resulting in Cross-Site Scripting. Proof of Concept: Endpoint: GET https://HOST/edit/user. File: /web/edit/user/index.php, line 11: `// Check user argument if empty ... $_GET['user'] ... header("Location: /list/user/"); exit;` Request...
librenms Cross-Site Scripting Vulnerability (CNVD-2022-12754)
Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates. Librenms suffers from a cross-site scripting vulnerability that stems from a lack of data validation...
Cross-site Scripting (XSS)
enshrined/svg-sanitize is vulnerable to cross-site scripting. The library allows HTML inside SVG markup, enabling an attacker to inject and execute malicious JavaScript in the victim's browser, causing system hangs...
Cross-site Scripting (XSS) - Stored in librenms/librenms
Description: Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template. Proof of Concept: Payload: ' PoC images: XSS payload in create/modify Transport Groups; XSS payload in Add/Edit Service; XSS payload in Edit Service Template. XSS will fire up when a user visits: 1...
Cross site scripting
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users...
CVE-2022-23707
Summary: CVE-2022-23707 is a cross-site scripting (XSS) vulnerability in Kibana index patterns. An authenticated user with permissions to create index patterns could inject malicious JavaScript into an index pattern, potentially executing against other users. Affected versions (per sources): Kiba...
Cross-site Scripting (XSS)
ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the output parameters in main.php and serversList.php, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
spip is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the malicious SVG file...
Cross-site Scripting (XSS)
python-django is vulnerable to cross-site scripting. The `{% debug %}` template tag in the library does not properly encode the current context, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
Design/Logic Flaw
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
F5 NGINX Controller API Code Injection Vulnerability
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...
Cross-site Scripting (XSS)
cypress-orchardcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the menu editing function of the library...
Cross-Site Scripting (XSS)
orchardcore is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
CVE-2021-44178
AEM's Cloud Service offering, as well as version 6.5.10.0 and below, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be...