7656 matches found
Prion
added 2021/08/19 2:39 p.m., 17 views

Cross site scripting

A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field...

CVSS 3.5, AI score 5, EPSS 0.00611
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/08/19 1:58 p.m., 17 views

CVE-2021-27822

A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field...

AI score 5.3, EPSS 0.00611
Exploits 1, References 1
The Hacker News
added 2021/08/18 3:41 a.m., 10389 views

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface...

CVSS 9.8, AI score 1, EPSS 0.99999
Exploits 25
OSV
added 2021/08/18 1:15 a.m., 17 views

CVE-2021-39267

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution such...

CVSS 6.1, AI score 6
Exploits 0, References 3
Prion
added 2021/08/18 1:15 a.m., 15 views

Cross site scripting

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed...

CVSS 4.3, AI score 5.9, EPSS 0.01372
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/08/18 12:30 a.m., 19 views

CVE-2021-39267

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution such...

AI score 6.3, EPSS 0.01969
Exploits 1, References 3
CVE
added 2021/08/18 12:30 a.m., 57 views

CVE-2021-39267

CVE-2021-39267 describes a persistent cross-site scripting (XSS) vulnerability in the SuiteCRM web interface. The issue allows a remote attacker to inject arbitrary JavaScript by uploading files, due to a Content-Type Filter bypass where text/html is blocked but other types capable of executing J...

CVSS 6.1, AI score 6, EPSS 0.01969
Exploits 1, References 3, Affected Software 1
CVE
added 2021/08/18 12:29 a.m., 53 views

CVE-2021-39268

CVE-2021-39268: Persistent XSS in SuiteCRM web interface prior to 7.11.19. An attacker can inject arbitrary JavaScript via malicious SVG files because the clean_file_output protection can be bypassed. Impact is remote code execution of JavaScript with LOW integrity impact and no confidentiality/...

CVSS 6.1, AI score 5.8, EPSS 0.01372
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/08/17 7:07 p.m., 17 views

CVE-2021-3619 Rapid7 Velociraptor Notebooks Authenticated Persistent XSS

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to...

CVSS 3.5, AI score 5.2, EPSS 0.00578
Exploits 0, References 2
CVE
added 2021/08/17 7:07 p.m., 61 views

CVE-2021-3619

CVE-2021-3619 affects Rapid7 Velociraptor up to version 0.5.9. It is a post-authentication persistent XSS vulnerability where an authenticated user could abuse MIME type sniffing to embed executable code via a malicious upload. The issue was fixed in version 0.6.0. Note that Velociraptor login ri...

CVSS 4.8, AI score 4.4, EPSS 0.00578
Exploits 0, References 2, Affected Software 1
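The SuiteCRM entries above describe an upload filter that blocks text/html but lets other script-capable types through, and the Velociraptor entries describe MIME sniffing being abused on an upload. The following is an added example, not code from SuiteCRM, Velociraptor or this database, that contrasts such a denylist with an allowlist plus magic-byte check and hardened download headers. The sample uploads, the allowlist contents and every function name are constructed for illustration and are assumptions, not anything taken from the advisories.

```python
import re

# Constructed sample uploads: (declared Content-Type, body bytes).  These are
# hypothetical test inputs, not files from any of the advisories above.
SAMPLE_UPLOADS = [
    ("text/html", b"<html><script>alert(1)</script></html>"),
    ("image/svg+xml", b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>'),
    ("application/xhtml+xml",
     b'<html xmlns="http://www.w3.org/1999/xhtml"><script>alert(1)</script></html>'),
    ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("image/png", b"<svg onload=alert(1)></svg>"),   # SVG mislabelled as PNG
]


def denylist_check(content_type: str) -> bool:
    """Weak filter of the kind the SuiteCRM entry describes: only text/html
    is rejected.  Returns True when the upload would be accepted.  Any other
    type a browser will render with script enabled (SVG, XHTML, XML with a
    stylesheet) sails through."""
    return content_type.strip().lower() != "text/html"


# Declared types we are willing to store and serve inline, each paired with
# the magic bytes a genuine file of that type starts with (assumed allowlist).
ALLOWED_TYPES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}


def allowlist_check(content_type: str, body: bytes) -> bool:
    """Hardened filter: the declared type must be on the allowlist and the
    body must carry that type's magic bytes, so a script-bearing SVG cannot
    pass by claiming to be image/png."""
    magic = ALLOWED_TYPES.get(content_type.strip().lower())
    return magic is not None and body.startswith(magic)


def serve_headers(filename: str, content_type: str) -> dict:
    """Response headers for serving a stored upload.  nosniff stops the
    browser from second-guessing the declared type (the sniffing angle in
    the Velociraptor entry), and anything off the allowlist is forced to
    download as an opaque blob instead of rendering in the app's origin.
    The filename is reduced to a safe character set so it cannot inject
    into the header value."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    headers = {"X-Content-Type-Options": "nosniff"}
    declared = content_type.strip().lower()
    if declared in ALLOWED_TYPES:
        headers["Content-Type"] = declared
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers


def compare_filters(uploads=SAMPLE_UPLOADS):
    """Run both filters over the samples; each row is
    (declared type, accepted by denylist, accepted by allowlist)."""
    return [(ct, denylist_check(ct), allowlist_check(ct, body))
            for ct, body in uploads]


if __name__ == "__main__":
    for ct, weak, strong in compare_filters():
        print(f"{ct:24} denylist={'accept' if weak else 'reject':7} "
              f"allowlist={'accept' if strong else 'reject'}")
```

Run as a script, the table shows the denylist accepting the SVG, the XHTML document and the mislabelled PNG while the allowlist rejects all three; the serve_headers step matters because even an allowlisted image should be delivered with nosniff, and anything else should never be rendered inline from the application's own origin.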
CNVD
added 2021/08/17 12:00 a.m., 16 views

MAC1100 PLC Denial of Service Vulnerability

The MAC1100 PLC is an industrial control product (PLC). A security vulnerability exists in the MAC1100 PLC that can be exploited by an attacker to cause a persistent denial of service (DoS) via a crafted packet...

CVSS 7.8, AI score 7.3, EPSS 0.01287
Exploits 1, References 1
CVE
added 2021/08/16 1:53 p.m., 87 views

CVE-2021-38757

CVE-2021-38757 is a reported persistent cross-site scripting (XSS) vulnerability in a Hospital Management System (often referenced as PHPGurukul/Hospital Management System). The public descriptions consistently state that the XSS is targeted at the web admin via the contact.php endpoint. Exploit ...

CVSS 6.1, AI score 6, EPSS 0.00876
Exploits 2, References 2, Affected Software 1
CVE
added 2021/08/16 1:53 p.m., 46 views

CVE-2021-38756

CVE-2021-38756: Persistent cross-site scripting in Hospital Management System (PHPGurukul) via prescribe.php affecting web admin. Descriptions indicate the vulnerability enables execution of JavaScript through input on prescribe.php; root cause not explicitly stated in provided documents. CVSS sc...

CVSS 6.1, AI score 6, EPSS 0.00717
Exploits 1, References 1, Affected Software 1
ATTACKERKB
added 2021/08/16 12:00 a.m., 29 views

CVE-2021-38757

Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. Recent assessments: nu11secur1ty at August 17, 2021 2:20pm UTC reported: XSS-Stored PHPSESSID user PWNED on Hospital Management System Vulnerable parameter "txtMsg" on contact...

CVSS 4.3, AI score 1.1, EPSS 0.00876
Exploits 2, References 3
Cvelist
added 2021/08/13 4:08 p.m., 16 views

CVE-2020-18757

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DoS) via a crafted packet...

AI score 7.3, EPSS 0.01287
Exploits 1, References 1
CVE
added 2021/08/13 4:08 p.m., 54 views

CVE-2020-18757

The CVE-2020-18757 entry concerns Dut Computer Control Engineering Co.'s MAC1100 PLC. Affected component: MAC1100 PLC; vulnerability type: denial of service; root cause described as a crafted packet that allows an attacker to cause a persistent DoS condition. Across connected sources (Red Hat adv...

CVSS 7.8, AI score 7.2, EPSS 0.01287
Exploits 1, References 1, Affected Software 1
Oracle Linux
added 2021/08/12 12:00 a.m., 81 views

389-ds:1.4 security and bug fix update

1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...

CVSS 6.5, AI score 2.3, EPSS 0.01349
Exploits 0
OSV
added 2021/08/11 1:15 p.m., 5 views

CVE-2021-0083

Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access...

CVSS 4.4, AI score 5.8, EPSS 0.00224
Exploits 0, References 1
CVE
added 2021/08/04 10:20 p.m., 226 views

CVE-2021-3539

CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...

CVSS 6.3, AI score 5.8, EPSS 0.00543
Exploits 0, References 1, Affected Software 1
NVD
added 2021/08/04 6:15 p.m., 19 views

CVE-2021-32793

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added ...

CVSS 5.7, EPSS 0.00791
Exploits 1, References 2