178 matches found
LibreNMS Misc Section Stored Cross-site Scripting vulnerability
StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...
LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability
StoredXSS-LibreNMS-Display Name 2 Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.11.0 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user view...
CVE-2025-23031 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionaralergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...
Adobe Connect <= 11.4.7 Multiple Vulnerabilities (APSB24-99)
The version of Adobe Connect installed on the remote host is prior to 11.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-99 advisory. - Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that coul...
Cross-site Scripting (XSS)
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Cross-site Scripting XSS via the sanitizesvg function. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into a...
Cross Site Scripting(XSS)
craftcms/cms is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient input sanitization in the breadcrumb list and title fields, allowing user-provided input to be stored without proper validation or encoding, which then executes malicious scripts when displayed...
CVE-2024-26088
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2024-23188
Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...
CVE-2024-26052
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2023-30407 · Unknown · Nukium Nkmgls
Name of the Vulnerable Software and Affected Versions: Nukium nkmgls versions prior to 3.0.2 Description: The issue is related to Cross Site Scripting XSS and can be exploited via the displayAjaxSavePhoneMobile function in the NkmGlsCheckoutModuleFrontController. This allows for potential malicio...
Cross site scripting
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...
Drugs.com: Stored Xss On "https://www.question.com/"
The vulnerability was a stored cross-site scripting XSS issue on the "https://www.question.com/" website. The vulnerability was discovered in the "ask" page, where a malicious script was injected directly into the web application. The impact of the vulnerability was that the malicious script coul...
PT-2022-23601 · Unknown · Picuploader
Name of the Vulnerable Software and Affected Versions: PicUploader version 2.6.3 Description: A cross-site scripting XSS issue was found in the /master/index.php component of PicUploader. This allows for potential malicious script execution. Recommendations: For PicUploader version 2.6.3, conside...
Cross-site Scripting (XSS)
privatebin is vulnerable to cross-site scripting. No sanitization in handling Attachment before sending for preview in SVG in AttachmentViewer allows malicious script execution in instance context...
Cross-site Scripting (XSS) - Stored in erudika/scoold
Description The Schold is a Q&A/knowledge base platform written in Java. When writing a Q&A, you can use the markdown editor. So I tried to exploit the syntax to try an XSS attack. It seemed to validate javascript: on the backend. So I couldn't use it. However, according to RFC3986, the scheme ca...
CVE-2021-21084
AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
MTN Group: Cross-Site Request Forgery (CSRF) to xss
hello dear support i have found csrf to xss on https://dailydeals.mtn.co.za/index.cfm?GO=DEALS URL:https://dailydeals.mtn.co.za/index.cfm?GO=DEALS URL encoded POST input CFID was set to fbe8c86c-c0b2-4421-8ca2-dcfc14763d6e" HTTP request ============ POST /index.cfm?GO=DEALS HTTP/1.1 Host:...
Zen Cart Cross-Site Scripting Vulnerability (CNVD-2021-22861)
Zen Cart is open source, free mall system for building professional online stores. A reflective cross-site scripting vulnerability exists in Zen Cart 1.5.6d. An attacker can execute malicious script via the includes/templates/templatedefault/common/tplmainpage.php or...
Security Bulletin: IBM Cloud Automation Manager is affected by a insecure Content-Security-Policy header vulnerability CVE-2019-4133
Summary IBM Cloud Automation Manager could allow a malicious user on the client side with access to client computer to run a custom script. Vulnerability Details CVEID: CVE-2019-4133 DESCRIPTION: IBM Cloud Automation Manager could allow a malicious user on the client side with access to client...
CVE-2018-1000874
PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...