Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Description: I found a file-upload XSS, a stored cross-site scripting (XSS) vulnerability due to the lack of content validation and output encoding. Proof of Concept: 1. Log in and navigate to https://gitstable.yetiforce.com/index.php?module=Users&view=PreferenceEdit&record=5 2. Layout photo: Add file. 3...
Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Description: Stored cross-site scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Proof of Concept: https://demo.corebos.com/index.php?module=Users&action=index&parenttab=Settin...
WordPress Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. It supports hosting personal blog sites on servers running PHP and MySQL. The WordPress Testimonial plugin has a cross-site scripting vulnerability in versions prior to 1.6.0,...
Cross-site Scripting (XSS) - Stored in siwapp/siwapp
Description: Stored cross-site scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. The vulnerability is then triggered when the user previews the document's content. Proof ...
The vulnerability in the ExponentCMS content management system lies in the lack of mechanisms for encoding or escaping output data, allowing attackers to compromise the integrity of the protected information.
The vulnerability in the ExponentCMS content management system is related to the lack of mechanisms for encoding or escaping output data. Exploiting it allows a malicious actor to compromise the integrity of the protected information by modifying the HTTP headers...
PT-2021-6751 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 14.1.2; GitLab CE/EE version 14.0.7; GitLab CE/EE version 13.12.9. Description: The issue is related to a lack of proper output encoding or escaping in GitLab, a platform for collaborative code development. Und...
Cross-site Scripting (XSS) - Stored in poowf/invoiceneko
Description: Stored cross-site scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. The vulnerability is then triggered when the user previews the document's content...
Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)
rtl_433, despite the name, is a generic data receiver, mainly for the 433.92 MHz, 868 MHz SRD, 315 MHz, 345 MHz, and 915 MHz ISM bands. The official source code is in the https://github.com/merbanan/rtl433/ repository. For more documentation and related projects see the https://triq.org/ site. It...
PT-2021-6572 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 3.6.20; MongoDB Server versions prior to 4.0.21; MongoDB Server versions prior to 4.2.10. Description: The issue is related to a lack of output encoding or escaping in MongoDB, allowing a remote attacker to impac...
PT-2021-14556 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for ABAP Web Survey versions 700 through 75F Description: The issue arises from insufficient encoding of input and output parameters, leading to a reflected cross-site scripting vulnerability. This allows a malicious user to...
Acronis: Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
Summary: The application exposes a store ADMIN page at the URL below, which is accessible without authentication. http://www.grouplogic.com/ADMIN/store/index.cfm The ADMIN page provides several functionalities. Among them, the functionality below was found to be vulnerable to stored XSS. - View and Edit Prom...
Wordpress Themify Portfolio Post Cross-Site Scripting Vulnerability
Themify Portfolio Post is an open source WordPress plugin that provides a neat layout for displaying project information. A cross-site scripting vulnerability exists in Themify Portfolio Post WordPress plugin versions prior to 1.1.6. The vulnerability stems from the progra...
Wordpress Testimonials Widget Cross-Site Scripting Vulnerability
Testimonials Widget is an open source WordPress plugin that provides a testimonials feature. A cross-site scripting vulnerability exists in Testimonials Widget WordPress plugin versions prior to 4.0.0. The vulnerability stems from the program not properly validating input and not...
Wordpress Team Members Cross-Site Scripting Vulnerability
Team Members is an open source WordPress plugin that lets site owners add team members from the administration panel. A cross-site scripting vulnerability exists in the Team Members WordPress plugin versions prior to 5.0.4. The vulnerability stems from the program not properly...
Wordpress WP Customer Reviews Cross-Site Scripting Vulnerability
WP Customer Reviews is an open source WordPress plugin. A cross-site scripting vulnerability exists in the WP Customer Reviews WordPress plugin versions prior to 3.4.3. The vulnerability stems from the program not properly validating input and not encoding output. An attacker...
CVE-2021-24147
Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field "Notes on time" when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...
CVE-2021-24136
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...
CVE-2021-24134
Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user Editor+ to inject arbitrary JavaScript code or HTML in posts where the malicious fo...
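Every entry above describes the same defect: text a user controls (a testimonial author or job title, a profile photo, an uploaded document) is written back into HTML without output encoding, and in the upload-and-preview cases the file itself is handed to the browser inline. The following is an added example, not code from any of the projects listed; the function names, the testimonial markup, the CSP value and the payloads are hypothetical, constructed to show the vulnerable and hardened forms side by side.

```php
<?php
// Added example (not from any project listed above). Demonstrates the bug class in the
// advisories: user-controlled strings concatenated into HTML, and uploaded "documents"
// previewed inline. All names and payloads are hypothetical and constructed here.

declare(strict_types=1);

// --- Vulnerable: values are dropped straight into markup, in two different contexts ---
// (an attribute value and element text). Neither gets encoded.
function render_testimonial_vulnerable(string $author, string $jobTitle): string
{
    return '<div class="testimonial" data-job="' . $jobTitle . '">'
         . '<span class="author">' . $author . '</span></div>';
}

// --- Hardened: encode for the HTML context the value lands in. ---
// ENT_QUOTES encodes both ' and " (required inside attribute values), ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of silently returning "", and the charset is pinned
// so the encoder and the page agree on what a byte means.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_testimonial_safe(string $author, string $jobTitle): string
{
    return '<div class="testimonial" data-job="' . esc($jobTitle) . '">'
         . '<span class="author">' . esc($author) . '</span></div>';
}

// --- Upload preview: never let the browser interpret an uploaded file as a page. ---
// Returns the response headers to send when previewing a stored upload. Types a
// browser would execute as active content (HTML, SVG, XML) are forced to a download
// with an opaque content type; everything else keeps its sniffed type, and nosniff
// stops the browser from second-guessing either decision. The filename is reduced to
// a safe character set so it cannot break out of the Content-Disposition header.
function preview_headers(string $storedName, string $sniffedMime): array
{
    $active = ['text/html', 'application/xhtml+xml', 'image/svg+xml', 'text/xml', 'application/xml'];
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $storedName);

    $headers = [
        'X-Content-Type-Options'  => 'nosniff',
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
    if (in_array($sniffedMime, $active, true)) {
        $headers['Content-Type']        = 'application/octet-stream';
        $headers['Content-Disposition'] = 'attachment; filename="' . $safeName . '"';
    } else {
        $headers['Content-Type']        = $sniffedMime;
        $headers['Content-Disposition'] = 'inline; filename="' . $safeName . '"';
    }
    return $headers;
}

// Constructed payloads of the kind the advisories describe: one breaks out of an
// attribute, the other injects an element into text content.
$author   = '<img src=x onerror=alert(document.domain)>';
$jobTitle = '" autofocus onfocus="alert(1)';

echo "vulnerable: ", render_testimonial_vulnerable($author, $jobTitle), PHP_EOL;
echo "hardened:   ", render_testimonial_safe($author, $jobTitle), PHP_EOL;

// Sniff the real type of the stored bytes with finfo instead of trusting the
// client-supplied name: a file called report.pdf that is really SVG must not be
// served inline. The SVG body is constructed for this example.
$uploadBytes = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>';
$sniffed = (new finfo(FILEINFO_MIME_TYPE))->buffer($uploadBytes);
print_r(preview_headers('report.pdf', $sniffed));
```

The two renderers take the same input; only the hardened one can be pasted into a template without reopening the bug, because the encoding is applied at the point of output rather than relying on validation at the point of input. For the preview path the check is on the sniffed type, not the extension, since the upload-XSS reports above all rely on the application trusting the name or the client-supplied type.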