Cross-Site Scripting (XSS)
django-helpdesk is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript...
Montala ResourceSpace Cross-Site Scripting Vulnerability
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A cross-site scripting vulnerability exists in the wordpressuser parameter in plugins/wordpresssso/pages/index.php in versions prior to ResourceSpace 9.6 rev 18290. An attacker could exploit this...
Cross-site Scripting (XSS)
publifycore is vulnerable to cross-site scripting. An attacker with a publisher role can inject and execute malicious javascript while creating a page or article...
CVE-2021-25975 Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...
CVE-2021-25978 Apostrophe - XSS
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...
Cross-site Scripting (XSS)
bootstrap-table is vulnerable to cross-site scripting. Lack of input sanitization in the escapeHTML function of index.js allows an attacker to inject and execute malicious javascript even if the escape attribute is set...
Cross-site Scripting (XSS)
nbdime is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript...
CVE-2021-38356 NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting
The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter, which is echoed out on inc/nxsclasssnap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting. This is due to improper encoding of the tags, which allows an attacker to insert and execute malicious javascript...
CVE-2021-21319
Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on the self subscription page. The self subscription feature can be disabled as a workaround; this is the default state...
Cross-site Scripting (XSS)
sulu/sulu is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the tag names as it does not properly sanitize input html...
CVE-2021-41156
anuko/timetracker is an open-source time tracking system. In affected versions Time Tracker uses a browsertoday hidden control on a few pages to collect today's date from user browsers. Because this parameter was not checked for sanity in versions prior to 1.19.30.5601, it was possible to craf...
Design/Logic Flaw
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...
CVE-2021-38344 Brizy <= 2.3.11 Authenticated Stored Cross-Site Scripting
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...
Cross site scripting
Adobe Experience Manager version 6.5.9.0 and earlier is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they...
CVE-2021-40714 Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter
Adobe Experience Manager version 6.5.9.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...
CVE-2021-23439
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...
CVE-2021-23439 Cross-site Scripting (XSS)
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...
PT-2021-15525 · Unknown · File-Upload-With-Preview
Name of the Vulnerable Software and Affected Versions: file-upload-with-preview versions prior to 4.2.0 Description: The issue allows a file containing malicious JavaScript code in its name to be uploaded, but this requires a user to be tricked into uploading such a file. Recommendations: For...