2179 matches found

Veracode
added 2022/01/07 10:36 a.m. | 15 views

Cross-site Scripting (XSS)

org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting XSS. The library does not properly escape the user input parameters in UrlTestPortlet, allowing a remote attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 4.7 | EPSS 0.02327
Exploits 0 | References 1 | Affected Software 1

Veracode
added 2022/01/07 3:41 a.m. | 15 views

Cross-site Scripting (XSS)

applicant-mvcbean-cdi-jsp-portlet is vulnerable to cross-site scripting. The library does not properly escape the user input parameters in confirmation.jspx, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 4.7 | EPSS 0.02327
Exploits 0 | References 3 | Affected Software 1

ThreatPost
added 2022/01/04 8:33 p.m. | 20 views

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

UPDATE A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance. According to Palo Alto Networks’ Unit 42 division, researchers noticed that most of the activity affected...

AI score 6.8
Exploits 0 | References 8

0day.today
added 2022/01/04 12:0 a.m. | 196 views

Projeqtor 9.3.1 Cross Site Scripting Vulnerability

Exploit Title: Projeqtor v9.3.1 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3.1 Exploit Description...

AI score 7.4
Exploits 0

Huntr
added 2022/01/02 2:51 p.m. | 15 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. Proof of Concept 1 Visit "Contact Us" page and put in Message field. Cli...

CVSS 3.5 | AI score 2.4 | EPSS 0.00728
Exploits 1

Debian CVE
added 2021/12/30 1:40 p.m. | 22 views

CVE-2021-43861

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...

CVSS 7.2 | AI score 6.2 | EPSS 0.00912
Exploits 0

CNVD
added 2021/12/29 12:0 a.m. | 18 views

NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability

NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...

CVSS 6.1 | AI score 6 | EPSS 0.008
Exploits 1 | References 1

CNVD
added 2021/12/13 12:0 a.m. | 20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

CVSS 6.1 | AI score 0.6 | EPSS 0.00652
Exploits 0 | References 1

NVD
added 2021/12/08 12:15 p.m. | 9 views

CVE-2021-41029

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...

CVSS 6.4 | EPSS 0.00515
Exploits 0 | References 1

Prion
added 2021/12/08 12:15 p.m. | 21 views

Cross site scripting

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests...

CVSS 3.5 | AI score 5.8 | EPSS 0.00515
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2021/12/08 12:0 a.m. | 4 views

Fortinet FortiWLM Cross-Site Scripting Vulnerability

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. A cross-site scripting vulnerability exists in Fortinet FortiWLM, which can be exploited by attackers to execute malicious javascript code on the victim's host via a crafted HTTP request...

CVSS 5.4 | AI score 5.6 | EPSS 0.00515
Exploits 0 | References 4

Fortinet
added 2021/12/07 12:0 a.m. | 17 views

FortiWeb - Reflected cross-site scripting in error controllers

Multiple improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers...

CVSS 4.3 | AI score 6.5 | EPSS 0.00652
Exploits 0 | Affected Software 1

Veracode
added 2021/12/06 7:57 a.m. | 14 views

Cross-site Scripting (XSS)

ckan is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript via SVG file...

CVSS 5.4 | AI score 3.8 | EPSS 0.00493
Exploits 0 | References 4 | Affected Software 1

NVD
added 2021/11/30 2:15 p.m. | 12 views

CVE-2021-25987

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code...

CVSS 5 | EPSS 0.00328
Exploits 0 | References 2

Cvelist
added 2021/11/30 1:50 p.m. | 26 views

CVE-2021-25987 Hexo - Stored XSS

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code...

CVSS 5 | AI score 5.4 | EPSS 0.00328
Exploits 0 | References 2

Veracode
added 2021/11/29 4:45 p.m. | 18 views

Cross-site Scripting (XSS)

@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because the custom emojis of emoji-button doesn't escape HTML, allowing an attacker to inject and execute malicious javascript...

CVSS 7.6 | AI score 1.7 | EPSS 0.01014
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2021/11/17 2:26 a.m. | 19 views

Cross-site Scripting (XSS)

getkirby/kirby is vulnerable to cross-site scripting. The library does not properly escape HTML special characters, allowing an attacker to inject and execute malicious javascript. test...

CVSS 7.3 | AI score 4.2 | EPSS 0.00781
Exploits 0 | References 4 | Affected Software 1

0day.today
added 2021/11/17 12:0 a.m. | 425 views

Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability

Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...

CVSS 6.1 | AI score 6.5 | EPSS 0.05621
Exploits 4

CNNVD
added 2021/11/16 12:0 a.m. | 3 views

Darwin Factor Cross-Site Scripting Vulnerability

Darwin Factor is a free and open source next-generation TypeScript framework from Darwin, Inc. Darwin Factor has a cross-site scripting vulnerability that stems from vulnerability to search parameter reflection cross-site scripting XSS attacks in URLs, which can be exploited by unauthenticated...

CVSS 6.1 | AI score 5.4 | EPSS 0.00733
Exploits 0 | References 3

OSV
added 2021/11/15 3:15 p.m. | 1 views

CVE-2021-42703

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action...

CVSS 6.1 | AI score 5.8 | EPSS 0.00603
Exploits 0 | References 1