Lucene search
2179 matches found

Veracode
added 2020/04/10 12:54 a.m. · 26 views

Cross-Site Scripting (XSS)

Firefox is vulnerable to cross-site scripting. Several flaws were found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox...

10 CVSS · 1.2 AI score · 0.0472 EPSS
Exploits: 0 · References: 9 · Affected Software: 2

Veracode
added 2020/04/10 12:52 a.m. · 37 views

Arbitrary Code Execution

Firefox is vulnerable to arbitrary code execution. A flaw was found in the way Firefox handled malformed JavaScript. A website with an object containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox...

6.8 CVSS · 1.7 AI score · 0.02316 EPSS
Exploits: 0 · References: 22 · Affected Software: 2

Positive Technologies
added 2020/04/07 12:0 a.m. · 5 views

PT-2020-12655 · WordPress · Wp Lead Plus X

Name of the Vulnerable Software and Affected Versions: WP Lead Plus X plugin versions through 0.98. Description: The issue allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the "wp_ajax_core37_lp_save_page"...

5.4 CVSS · 7.2 AI score · 0.00784 EPSS
Exploits: 2 · References: 6

WPVulnDB
added 2020/04/05 12:0 a.m. · 14 views

Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user can inject malicious JavaScript via the booking form, specifically in the new user details. The XSS payload is then executed when an authenticated administrator user views the booking on the booking-list and cust-lookup pages. PoC Inject XSS via most fields in the booking...

4.3 CVSS · 2.6 AI score · 0.01167 EPSS
Exploits: 2 · References: 2 · Affected Software: 1

wpexploit
added 2020/04/02 12:0 a.m. · 39 views

Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS)

Contact Form 7 Datepicker registers an AJAX action to save settings which calls a function that fails to perform a capability check or nonce check. As such, a logged-in attacker with minimal permissions such as a subscriber can send a crafted request which will store a malicious JavaScript in the...

3.5 CVSS · 0.5 AI score · 0.00712 EPSS
Exploits: 2 · References: 1

Prion
added 2020/03/30 10:15 p.m. · 15 views

Cross site scripting

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or...

3.5 CVSS · 5 AI score · 0.0051 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2020/03/29 2:10 a.m. · 52 views

CVE-2019-16935

A reflected cross-site scripting (XSS) vulnerability was found in the Python XML-RPC server. The server_title field is not sufficiently sanitized, allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...

6.1 CVSS · 2.7 AI score · 0.04653 EPSS
Exploits: 1 · References: 3

OSV
added 2020/03/27 1:15 p.m. · 0 views

UBUNTU-CVE-2020-1771

An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: OTRS Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior...

5.4 CVSS · 5.8 AI score · 0.00835 EPSS
Exploits: 0 · References: 3

NVD
added 2020/03/13 4:15 p.m. · 27 views

CVE-2020-10196

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

6.1 CVSS · 6.5 AI score · 0.01421 EPSS
Exploits: 1 · References: 2

Prion
added 2020/03/13 4:15 p.m. · 9 views

Cross site scripting

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

4.3 CVSS · 6.4 AI score · 0.01421 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/03/10 7:16 p.m. · 25 views

CVE-2019-19294

A vulnerability has been identified in Control Center Server (CCS) All versions V1.5.0. The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious...

6.3 CVSS · 5.9 AI score · 0.0101 EPSS
Exploits: 0 · References: 2

NVD
added 2020/03/05 1:15 a.m. · 18 views

CVE-2020-10099

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the Toolbar...

5.4 CVSS · 5.4 AI score · 0.00545 EPSS
Exploits: 0 · References: 1

WPVulnDB
added 2020/02/27 12:0 a.m. · 10 views

10Web Map Builder for Google Maps < 1.0.64 - Unauthenticated Stored XSS via Plugin Settings Change

The vulnerability in 10Web Map Builder exists in the plugin’s setup process. The plugin’s setup functions are called during admin_init which, like Flexible Checkout Fields, is accessible to unauthenticated users. If an attacker injects malicious JavaScript into certain settings values, that code...

3 AI score
Exploits: 0 · References: 2 · Affected Software: 1

Hacker One
added 2020/02/26 8:29 p.m. · 16 views

Engel & Völkers Technology GmbH: [go3-intern.engelvoelkers.com] - Reflected XSS in /dGPS3/default.jsp

Summary: The application fails to sanitize user input in https://go3-intern.engelvoelkers.com/dGPS3/default.jsp and reflects the input directly in the HTTP response, allowing the hacker to exploit the vulnerable parameter and have malicious content executed in the victim's browser. Description: A...

0.2 AI score
Exploits: 0

CNVD
added 2020/02/18 12:0 a.m. · 3 views

Stored Cross-site Scripting Vulnerability in Qibo CMS System

Qibo CMS system is a content management system under Guangzhou Qibo Network Technology Co. A stored cross-site scripting vulnerability exists in the Qibo CMS system. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...

6.3 AI score
Exploits: 0

NVD
added 2020/02/17 7:15 p.m. · 27 views

CVE-2013-7324

Webkit-GTK 2.x any version with HTML5 audio/video support based on GStreamer allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration...

5.3 CVSS · 5.3 AI score · 0.01431 EPSS
Exploits: 0 · References: 3

Prion
added 2020/02/17 7:15 p.m. · 14 views

Design/Logic Flaw

Webkit-GTK 2.x any version with HTML5 audio/video support based on GStreamer allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration...

5 CVSS · 7.2 AI score · 0.01431 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

UbuntuCve
added 2020/02/17 7:15 p.m. · 25 views

CVE-2013-7324

Webkit-GTK 2.x any version with HTML5 audio/video support based on GStreamer allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration...

5.3 CVSS · 6.1 AI score · 0.01431 EPSS
Exploits: 0 · References: 2

Veracode
added 2020/02/10 5:33 a.m. · 29 views

Arbitrary Code Execution

HtmlUnit is vulnerable to arbitrary code execution. The application does not prevent Rhino's access to Java resources such as Java methods. This allows an attacker to execute arbitrary Java code on the system using malicious JavaScript code...

8.1 CVSS · 3.3 AI score · 0.04604 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

Japan Vulnerability Notes
added 2020/02/10 3:30 a.m. · 3 views

HtmlUnit vulnerable to arbitrary code execution

Overview: HtmlUnit is a Java-based library which provides web browser functionality to Java programs, and it supports JavaScript evaluation with the embedded Mozilla Rhino engine. The Mozilla Rhino engine offers a feature to make Java objects available from JavaScript. HtmlUnit initializes Rhino engine...

8.1 CVSS · 7 AI score · 0.04604 EPSS
Exploits: 0 · References: 5