Unrestricted file upload

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...

lacompaniadecarilo.com Cross Site Scripting vulnerability OBB-2327079

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GHSA-2XW8-J43J-5VXP elgg is vulnerable to Cross-site Scripting

elgg is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

come-and-win.de Cross Site Scripting vulnerability OBB-2326331

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-46068

A Stored Cross Site Scripting XSS vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel...

Cross site request forgery (csrf)

A Cross Site Request Forgery CSRF vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability...

CVE-2021-46080

The CVE-2021-46080 entry refers to Vehicle Service Management System 1.0 and describes a CSRF flaw that enables a stored XSS vulnerability. Public sources (CNVD/CNNVD and NVD) attribute the issue to forged-token validation failures in cross-site requests, leading to stored XSS when an attacker lu...

aposoft-business.de Cross Site Scripting vulnerability OBB-2325885

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kimerry.com Cross Site Scripting vulnerability OBB-2324616

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

uwpagina.nl Cross Site Scripting vulnerability OBB-2320497

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fenster-boss.de Cross Site Scripting vulnerability OBB-2320400

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

blikk.it Cross Site Scripting vulnerability OBB-2319737

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

polaroid-software.com Cross Site Scripting vulnerability OBB-2319048

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

edisford.lancsngfl.ac.uk Cross Site Scripting vulnerability OBB-2317762

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

imlemesou.org Cross Site Scripting vulnerability OBB-2316779

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-4176

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVE-2021-4169

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

kdimr.ba Cross Site Scripting vulnerability OBB-2310908

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2020-20605

Blog CMS v1.0 contains a cross-site scripting XSS vulnerability in the /controller/CommentAdminController.java component...

tuexpoconstruccionyvivienda.com Cross Site Scripting vulnerability OBB-2308866

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...