CVE-2022-40435
CVE-2022-40435 affects Employee Performance Evaluation System v1.0. The vulnerability is a persistent cross-site scripting (XSS) flaw that can be triggered by adding new entries in the Departments and Designations module. The CVSS v3.1 vector (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) yields a base sc...
Employee Performance Evaluation System cross-site scripting vulnerability
SourceCodester Employee Performance Evaluation System is a PHP-based website builder for employee performance management from SourceCodester, Inc. A security vulnerability exists in Employee Performance Evaluation System v1.0, which stems from a vulnerability in its Departments and Designations...
Code injection
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
Malicious code in tuikit (npm)
Source: ghsa-malware a5b26769a80f331c5cfc3d59f83a5878521c9860b88461270f86bc397ab01ca0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
Cross site scripting
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
Design/Logic Flaw
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS via Textile formatter due to improper sanitization of blockquote syntax in Textile-formatted fields. Affected versions should upgrade to at least Redmine 4.2.9 and 5.0.4. No exploit details are provided in the sources; note that th...
Redmine cross-site scripting vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools. The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4...
CVE-2022-44637
CVE-2022-44637 affects Redmine before 4.2.9 and 5.0.x before 5.0.4, where persistent XSS can be triggered via the Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on configuration, exploitation may require login as a registered user. Root cause: insu...
IBM Websphere Application Server 7.0 Cross Site Scripting
Exploit Title: IBM Websphere Application Server 7.0 - Persistent Cross-Site Scripting Authenticated Date: 2022-12-02 Author: Milad karimi Software Link: https://www.ibm.com/support/pages/6107-websphere-application-server-v61-fix-pack-7-windows Version: 7.0 Tested on: Windows 10 CVE: 2009-0855 1...
GHSA-M9MF-RQX6-2XPC ThinkCMF Stored Cross-Site Scripting (XSS)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
ThinkCMF Stored Cross-Site Scripting (XSS)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
Cross site scripting
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
PT-2022-25579 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.7 Description: The issue allows an attacker to inject a Persistent XSS payload in the Slideshow Management section, executing arbitrary JavaScript code on the client side. This could be used to steal the administrator's P...