
198 matches found

OSV
added 2022/08/02 4:15 p.m. | 1 view

CVE-2022-1293

The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra conditions...

6.1 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2022/08/01 12:00 a.m. | 3 views

CVE-2022-1293

The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra conditions...

6.1 CVSS | 6.3 AI score | 0.00394 EPSS
Exploits 0 | References 2 | Affected Software 3
ATTACKERKB
added 2022/06/28 10:15 p.m. | 3 views

CVE-2022-25238

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside config is not set to true in project code...

5.4 CVSS | 6.1 AI score | 0.00554 EPSS
Exploits 0 | References 5
OSV
added 2022/05/27 5:15 p.m. | 3 views

CVE-2021-27781

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...

4.8 CVSS | 5.8 AI score | 0.00409 EPSS
Exploits 0 | References 1
NVD
added 2022/05/27 5:15 p.m. | 9 views

CVE-2021-27781

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...

6.6 CVSS | 0.00409 EPSS
Exploits 0 | References 1
OSV
added 2022/05/24 7:06 p.m. | 14 views

GHSA-QFHW-FV3G-V836 Plone has stored XSS in folder contents

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

6.1 CVSS | 5.1 AI score | 0.00536 EPSS
Exploits 0 | References 5
GitHub Security Blog
added 2022/05/24 7:06 p.m. | 16 views

Plone has stored XSS in folder contents

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

5.4 CVSS | 6.1 AI score | 0.00536 EPSS
Exploits 0 | References 5 | Affected Software 1
0day.today
added 2022/05/12 12:00 a.m. | 233 views

Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS
Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services
Vendor Homepage: https://www.cyclos.org/
Version: Cyclos 4.14.7 and prior
Tested on: Ubuntu
CVE: CVE-2021-31673
Description: A Dom-based Cross-sit...

6.1 CVSS | 6.4 AI score | 0.03351 EPSS
Exploits 4
OSV
added 2022/05/02 11:15 p.m. | 3 views

CVE-2020-23617

A cross-site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

6.1 CVSS | 6.1 AI score
Exploits 0 | References 2
Prion
added 2021/11/26 7:15 p.m. | 17 views

Code injection

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

4.3 CVSS | 6 AI score | 0.01014 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2021/11/26 12:00 a.m. | 3 views

Emoji-Button cross-site scripting vulnerability

Emoji-Button is a native JavaScript emoji selector. Emoji-Button is vulnerable to a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of URLs and i18n strings in the software for custom emoji, which could be exploited by an attacker to craft an inpu...

7.6 CVSS | 5.2 AI score | 0.01014 EPSS
Exploits 0 | References 5
Cvelist
added 2021/09/27 3:25 p.m. | 15 views

CVE-2021-24610 TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

5.1 AI score | 0.05456 EPSS
Exploits 5 | References 2
CNNVD
added 2021/09/06 12:00 a.m. | 2 views

WordPress plugin Highlight cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Highlight, which stems from the...

5.4 CVSS | 5.5 AI score | 0.00604 EPSS
Exploits 2 | References 1
NVD
added 2021/06/30 1:15 a.m. | 9 views

CVE-2021-35959

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

5.4 CVSS | 0.00536 EPSS
Exploits 0 | References 2
PyPA
added 2021/06/30 1:15 a.m. | 5 views

PYSEC-2021-110

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

5.4 CVSS | 6.3 AI score | 0.00536 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2021/06/30 12:41 a.m. | 9 views

CVE-2021-35959

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

5.4 AI score | 0.00536 EPSS
Exploits 0 | References 2
CNNVD
added 2021/06/30 12:00 a.m. | 2 views

Plone cross-site scripting vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

5.4 CVSS | 5.4 AI score | 0.00536 EPSS
Exploits 0 | References 2
OSV
added 2021/05/18 9:07 p.m. | 14 views

GO-2022-0762 Cross-site scripting due to incorrect sanitization in github.com/microcosm-cc/bluemonday

An XSS injection was possible because the sanitization of the Cyrillic character i bypass a protection mechanism against user-inputted HTML elements such as the tag...

6.1 CVSS | 6.1 AI score | 0.00929 EPSS
Exploits 0 | References 3
CNNVD
added 2021/04/27 12:00 a.m. | 4 views

Kirby cross-site scripting vulnerability

Kirby is a file-based content management system (CMS). Kirby suffers from a cross-site scripting vulnerability that allows a write-access editor to upload SVG files containing harmful content such as "script" tags...

7.6 CVSS | 6.2 AI score | 0.03174 EPSS
Exploits 4 | References 7
GitHub Security Blog
added 2021/04/16 7:52 p.m. | 43 views

JavaScript execution via malicious molfiles (XSS)

Impact: The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches: Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...

6.1 CVSS | 2.5 AI score | 0.00566 EPSS
Exploits 0 | References 4 | Affected Software 1