2179 matches found

OSV
added 2021/03/12 7:15 p.m. | 2 views

CVE-2021-21079

Adobe Connect version 11.0.7 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing t...

6.1 CVSS | 6.4 AI score
Exploits: 0 | References: 1
NVD
added 2021/03/12 7:15 p.m. | 23 views

CVE-2021-21079

Adobe Connect version 11.0.7 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing t...

6.1 CVSS | 0.01125 EPSS
Exploits: 0 | References: 1
Hacker One
added 2021/03/10 5:13 a.m. | 40 views

Mail.ru: Stored xss in calendar via call link

Call link URI schema in calendar.mail.ru web application was filtered improperly, allowing malicious javascript: links...

2.6 AI score
Exploits: 0
CNNVD
added 2021/03/09 12:0 a.m. | 7 views

Sourcecodester Web Based Quiz System Cross-Site Scripting Vulnerability

Sourcecodester Web Based Quiz System is an open source application from Sourcecodester, used for a simple online based project. Sourcecodester Web Based Quiz System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript code...

6.1 CVSS | 5.2 AI score | 0.00863 EPSS
Exploits: 1 | References: 1
WPVulnDB
added 2021/02/24 12:0 a.m. | 23 views

NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)

In the eCommerce module of NextGEN Gallery Pro, there is an action to call getcartitems via photocratiajax, after which settingsshippingaddressname can be used to inject malicious JavaScript. PoC: On a page where a NextGEN Pro gallery is embedded:...

2 AI score
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2021/02/11 9:13 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: @stoplight/markdown provides useful functions when working with Markdown. It leverages the Unified / Remark ecosystem under the hood. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to inject malicious JavaScript as part of the markdown feature of...

6.8 CVSS | 5.3 AI score
Exploits: 0 | References: 2
Exploit DB
added 2021/02/11 12:0 a.m. | 362 views

b2evolution 6.11.6 - 'tab3' Reflected XSS

Exploit Title: b2evolution 6.11.6 - 'tab3' Reflected XSS CVE: CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version...

6.1 CVSS | 6.3 AI score | 0.04516 EPSS
Exploits: 3
Cvelist
added 2021/02/09 1:9 p.m. | 29 views

CVE-2020-22841

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

5.4 AI score | 0.03537 EPSS
Exploits: 2 | References: 3
OSV
added 2021/01/29 8:51 p.m. | 20 views

GHSA-3CRJ-W4F5-GWH4 Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...

6.3 CVSS | 7.5 AI score | 0.00988 EPSS
Exploits: 0 | References: 6
Prion
added 2021/01/26 6:15 p.m. | 21 views

Cross site scripting

A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage function. Due to a lack of controller validation in the "path" parameter, an attacker can execute malicious JavaScript code...

4.3 CVSS | 7 AI score | 0.00826 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/01/26 12:0 a.m. | 4 views

MISP Cross-Site Scripting Vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.128. The vulnerability ste...

6.1 CVSS | 6.9 AI score | 0.00826 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/01/25 12:0 a.m. | 5 views

Caret Editor Input Validation Error Vulnerability

Caret Editor is a Markdown file editor from Caret. Caret Editor before 4.0.0-rc22 suffers from an input validation error vulnerability that stems from a specially crafted Markdown document that could lead to the execution of malicious JavaScript code in the insertion symbol editor...

10 CVSS | 7.5 AI score | 0.04685 EPSS
Exploits: 0 | References: 8
Cvelist
added 2021/01/22 6:42 p.m. | 14 views

CVE-2020-20269

A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22...

9.5 AI score | 0.04685 EPSS
Exploits: 0 | References: 6
CNVD
added 2021/01/14 12:0 a.m. | 4 views

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2021-03700)

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and deploy...

5.4 CVSS | 6.4 AI score | 0.00529 EPSS
Exploits: 0 | References: 1
Prion
added 2021/01/12 3:15 p.m. | 31 views

Cross site scripting

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

3.5 CVSS | 5.3 AI score | 0.00529 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Hacker One
added 2021/01/01 3:55 a.m. | 31 views

MTN Group: Reflected XSS on mtnhottseat.mtn.com.gh

hello dear I have found Reflected XSS on mtnhottseat.mtn.com.gh parameters injectable /api/v2/subscribe/; my payload " URL: https://mtnhottseat.mtn.com.gh/api/v2/subscribe/;%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain%3E F1140524 Impact Malicious JavaScript has access to all the same objec...

1 AI score
Exploits: 0
Prion
added 2020/12/17 11:15 p.m. | 14 views

Privilege escalation

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website local privilege escalation...

6 CVSS | 9 AI score | 0.0111 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/12/17 10:43 p.m. | 13 views

CVE-2020-12517 Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website local privilege escalation...

8.8 CVSS | 9.1 AI score | 0.0111 EPSS
Exploits: 0 | References: 1
CNVD
added 2020/12/16 12:0 a.m. | 2 views

Egavilan Media Expense Management System Cross-Site Scripting Vulnerability

Egavilan Media Expense Management System is a Php-based management system for logging overhead from Egavilan Media, USA. A cross-site scripting vulnerability exists in the EGavilan Media Expense Management System version 1.0, which can be exploited to permanently store malicious JavaScript code i...

6.1 CVSS | 6.5 AI score | 0.00846 EPSS
Exploits: 1 | References: 1
CVE
added 2020/12/15 3:38 p.m. | 39 views

CVE-2020-35395

CVE-2020-35395 describes a stored XSS vulnerability in the EGavilan Media Expense Management System 1.0, affecting the Add Expense Component. The underlying issue is that the attacker-supplied string in the description field can inject JavaScript, leading to persistent client-side code execution....

6.1 CVSS | 6 AI score | 0.00846 EPSS
Exploits: 1 | References: 2 | Affected Software: 1