2179 matches found
Cross site scripting
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECTProvider/, such that when the content is viewed it can only be...
GHSA-HGJR-632X-QPP3 Cross-site scripting vulnerability in file upload
There is a cross-site scripting vulnerability in file upload on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to cross-site scripting. The file upload function on the management system does not escape user-provided data, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS) - Reflected in zoujingli/thinkadmin
Description: The application is vulnerable to a reflected XSS attack. Proof of Concept: Open the following page in the browser as admin. The 商品名称 field is vulnerable to reflected XSS. An alert box is displayed as PoC...
Cross site scripting
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious JavaScript payload which would be...
CVE-2021-35479
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. Recent assessments: NinjaOperator at July 23, 2021 9:42pm UTC reported:...
Google Language Translator < 6.0.10 - Authenticated (author+) Cross-Site Scripting (XSS)
The plugin was vulnerable to Authenticated Cross-Site Scripting (XSS), allowing a user with the Author role to execute malicious JavaScript via the glt shortcode...
CVE-2021-24452
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...
CVE-2021-24452 W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...
MTN Group: cross site scripting in mtn.bj
Summary: XSS vulnerability in mtn.bj in file name. Steps To Reproduce: 1. Go to: https://www.mtn.bj/business/ressources/formulaires/plan-de-localisation-de-compte/?next=https://www.mtn.bj/business/ressources/formulaires/formulaire-de-souscription/ 2. Fill all inputs with any data 3. In file uplo...
Cross site scripting
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated or compromised user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers 1-click RCE...
ZOHO ManageEngine Applications Manager Cross-Site Scripting Vulnerability (CNVD-2021-78743)
ZOHO ManageEngine Applications Manager is an IT operations management solution from ZOHO, Inc. ZOHO ManageEngine Applications Manager is vulnerable to a cross-site scripting vulnerability that could be exploited to execute malicious JavaScript...
GetPaid < 2.3.4 - Authenticated Stored XSS
In the plugin, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is...
ProjectWorlds College Management System Cross-Site Scripting Vulnerability
Project Worlds Online Examination System is an online examination system. Version 1.0 of ProjectWorlds College Management System is vulnerable to a cross-site scripting vulnerability that could be exploited to inject malicious JavaScript code to execute and steal user credentials...
Zoho ManageEngine ADSelfService Plus Cross-Site Scripting Vulnerability (CNVD-2021-37588)
ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlock, profile information update, etc. without relying on a help desk. A stored cross-site scripting vulnerability exists in the...
Recorded Future: [https://app.recordedfuture.com] - Reflected XSS via username parameter
Steps To Reproduce: 1- Visit https://app.recordedfuture.com/live/login/?reset=x&username=xss%22%3E%3Cimg+src=x+onerror=alertdocument.domain%3E Impact An attacker could be able to Inject Malicious Javascript to compromise users...
Cross-site Scripting (XSS)
github.com/knadh/listmonk is vulnerable to cross-site scripting (XSS). The library does not sanitize HTML strings before passing them to the toasts function, allowing a malicious user to inject and execute malicious JavaScript...
Code injection
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting (XSS). The getMovieId function in MediaItemAddMovie.php does not properly validate invalid video IDs, allowing a malicious user to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of mediaItem.title, allowing a malicious user to inject and execute malicious JavaScript...