Gila CMS Cross-Site Scripting Vulnerability (CNVD-2021-84285)

Gila CMS is an open source content management system CMS based on PHP and MySQL. Gila CMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload in a markup field...

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

Monstra CMS 代码问题漏洞

Monstra CMS is a lightweight PHP-based content management system CMS from the Ukrainian personal developer Sergey Romanenko.A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or HTML...

CMS Made Simple 跨站脚本漏洞

CMS Made Simple CMSMS is an open source content management system CMS from the CMSMS Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS...

Cross site scripting

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page...

GROWI 及更早跨站脚本漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A security vulnerability in GROWI v4.2.19 and earlier versions, which stems from insufficient tag cleanup, allows remote attackers to execute arbitrary scripts on the web browsers of users accessing...

EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. ActiveFusions Co., Ltd. reported this...

CVE-2021-35493

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting XSS vulnerabilities that allow a low privileged attacker ...

CVE-2021-35493

The CVE-2021-35493 issue affects TIBCO WebFOCUS WebFOCUS Client, Installer, and Reporting Server (WebFOCUS components). It is a cross-site scripting vulnerability (stored and reflected) caused by improper validation of user-supplied input. Affected releases are WebFOCUS Client, Installer, and Rep...

CVE-2020-19283

A reflected cross-site scripting XSS vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19284

A stored cross-site scripting XSS vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field...

CVE-2020-19266

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-19266

A stored cross-site scripting XSS vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

Dswjcms 跨站脚本漏洞

Dswjcms is for individuals and personal lending launched a free p2p open source project , based on Thinkphp architecture of the industry system , fully automated installation mode , quickly build a P2P website . Dswjcms 1.6.4 version of the existence of cross-site scripting vulnerability , the...

Dswjcms 跨站脚本漏洞

Dswjcms is for individuals and personal lending launched a free p2p open source project , based on Thinkphp architecture of the industry system , fully automated installation mode , quickly build a P2P website . Dswjcms 1.6.4 version of the existence of cross-site scripting vulnerability , the...

Jeesns 跨站脚本漏洞

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the editor's source field...

Nature Easy Soft Network Technology ZenTao 跨站脚本漏洞

Nature Easy Soft Network Technology ZenTao is China's easy soft Tianchuang network technology Nature Easy Soft Network Technology company's open source project management software. The software includes features such as product management, project management, quality management and document...

CVE-2020-18126

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

Cross-site Scripting (XSS) - Stored in namelessmc/nameless

✍️ Description Stored XSS in google analytics. 🕵️‍♂️ Proof of Concept 1. goto 'http://localhost/Nameless/index.php?route=/panel/core/seo/' logged in as admin. 2. enter "G-XXXXXXXX'; javascript:alert1; alert1; instead will cause any admin who visits the SEO page to have the java script activated on...