194 matches found
PT-2024-23072 · 10Web +1 · Photo Gallery
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The image upload component is affected by an issue where it allows SVG files, and the regular expression used to remove script tags can be bypassed. Thi...
WordPress plugin PhotoGallery security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-25155
In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in script contexts. This issue may cause the template parser to improperly interpret the contents of script contexts, causing actions to be improperly escaped...
SUSE CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...
CVE-2023-4663
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9...
CVE-2023-4864
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert'xss' leads to cross site scripting. It is possible to initiate the attack...
FOG Forum 0.8 Cross Site Scripting
Title: FOG Forum v0.8 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor :...
CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...
CVE-2021-44197
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126...
PT-2022-16031 · Typo3 · Typo3/Html-Sanitizer
Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 1.5.0 or 2.1.1 Description: The HTML sanitizer is written in PHP and aims to provide XSS-safe markup based on explicitly allowed tags, attributes, and values. However, due to a parsing issue in the...
PT-2022-24937 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 Description: The issue concerns the improper neutralization of script related HTML tags in assets inventory information. This has been patched, and an upgrade is recommended. There are no known workarounds at thi...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
Transtek Mojodat FAM SQL injection vulnerability
Transtek Mojodat FAM is a Fixed Asset Management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6, which stems from a vulnerability that allows remote attackers to send SCRIPT tags as injected input to API requests...
The vulnerability in the web interface of the Cisco IoT Control Center allows a perpetrator to execute arbitrary code or access confidential information.
The vulnerability in the web interface of the Cisco IoT Control Center relates to the failure to remove script-related HTML tags from the website. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain access to confidential information through a specially crafted...
Cross Site Scripting (XSS)
Microweber is vulnerable to stored Cross Site Scripting. The vulnerability is due to improper sanitization in the product category title field. An authenticated attacker can add or modify a category, adding an Iframe script tag to the title that will run arbitrary Javascript whenever a user visit...
CVE-2022-1293
The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions...
CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside config is not set to true in project code...
CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...