45 matches found
CVE-2021-3012
A cross-site scripting XSS vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
Design/Logic Flaw
DISPUTED jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
PT-2020-8631 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: jQuery version 2.2.2 Description: The issue allows for cross-site scripting XSS attacks via a crafted onerror attribute of an IMG element. Recommendations: For jQuery version 2.2.2, consider disabling the use of the onerror attribute in IMG...
CVE-2019-12954
SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...
CVE-2019-12954
SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
GHSA-WG85-P6J7-GP3W SimpleMDE XSS Vulnerability
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...
CVE-2018-19057
CVE-2018-19057 affects SimpleMDE 1.11.2. The vulnerability is a cross-site scripting (XSS) issue triggered by an onerror attribute on a crafted IMG element, or by certain input containing [ and ( characters, which is mishandled during the construction of an A element. The issue is described acros...
TeaKKi Cross-Site Scripting Vulnerability
TeaKKi is a team document collaboration software. The software features document synchronization, category management and rights management. A cross-site scripting vulnerability exists in TeaKKi version 2.7. The vulnerability can be exploited by remote attackers to inject arbitrary web script or...
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
Cross site scripting
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
CVE-2018-13339
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...
Code injection
DISPUTED ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...
CVE-2018-13065
CVE-2018-13065 affects ModSecurity 3.0.0 with a Cross-Site Scripting issue: XSS via an IMG onError attribute. The core detail across connected sources is that an attacker could inject script through an onError on an IMG tag; some sources note a third party disputes applicability without a Core Ru...
ModSecurity 3.0.0 - Cross-Site Scripting
ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...
Reflected XSS in 'where' param of doSearchSite
Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...