WordPress Plugin Heator Social Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-30531 · Unknown · Trix Editor

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.4 Description: The issue is related to a bypass of a previous fix, allowing an attacker to execute arbitrary JavaScript code within the context of the user's session when pasting malicious code. This occurs...

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...

CVE-2024-23186

Summary: CVE-2024-23186 affects Open-Xchange Open-Xchange App Suite (see connected sources). An email contains malicious display-name information that can trigger client-side script execution on specific mobile devices, enabling attackers to perform malicious API requests or extract data from use...

CVE-2024-23186

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer...

NETIS SYSTEMS MEX605 安全漏洞

NETIS SYSTEMS MEX605 is a wireless device from NETIS SYSTEMS, Inc. A security vulnerability exists in the NETIS SYSTEMS MEX605 version v2.00.06, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a...

NETIS SYSTEMS MEX605 安全漏洞

NETIS SYSTEMS MEX605 is a wireless device from NETIS SYSTEMS, Inc. A security vulnerability exists in the NETIS SYSTEMS MEX605 version v2.00.06 that stems from the presence of a cross-site scripting XSS vulnerability, which could allow an attacker to execute arbitrary web script or HTML...

CVE-2024-33792

CVE-2024-33792 affects netis-systems MEX605 v2.00.06. A crafted payload to the tracert page allows an attacker to execute arbitrary OS commands (also described as an XSS vulnerability in some sources). The root cause centers on input handling on the tracert page leading to command execution/scrip...

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the contex...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2024-24950)

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...

yapi 安全漏洞

YMFE YApi is a visual interface management platform from YMFE, Inc. A security vulnerability exists in yapi version v1.10.2, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted...

MiniCMS 安全漏洞

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...

HadSky 跨站脚本漏洞

HadSky is an original open source php lightweight forum system by the Chinese company HadSky. A cross-site scripting vulnerability exists in HadSky v7.6.3, which originates from the presence of cross-site scripting in the remote linking functionality that allows an attacker to execute arbitrary w...

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

phpFox 安全漏洞

phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...

CVE-2024-32206

A stored cross-site scripting XSS vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter...

CVE-2024-29958

Brocade SANnav (SANnav) up to v2.3.0a has a vulnerability where privileged users running the script to replace the SANnav Management Portal standby node can cause the encryption key to be printed to the console. This exposes the encryption key and creates an extra attack surface for key theft. Af...