260 matches found
CVE-2022-46670 Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an...
CVE-2022-3838
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-22298 · WordPress · Wp Attachments
Name of the Vulnerable Software and Affected Versions: WP Attachments versions prior to 5.0.5 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped. The atta...
CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
PT-2022-24681 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office affected versions not specified Description: The issue is related to insufficient filtering for special characters in the Force PrintMessage function. This allows an unauthenticated remote attacker to inject JavaScript, potentially...
PT-2022-24680 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office affected versions not specified Description: The issue is related to insufficient filtering for special characters in the Force Bulletin function, allowing an unauthenticated remote attacker to inject JavaScript and perform a Reflect...
CVE-2022-1755 SVG Support < 2.5 - Author+ Stored Cross-Site Scripting
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...
CVE-2022-40029
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...
Hyperledger: fix(cmd-socketio-server): mitigate cross site scripting attack #2068
Please refer this fix and approve Bounty. See this In Github Security Fix @ryjones https://github.com/hyperledger/cactus/pull/2068issuecomment-1186157206 Impact fixcmd-socketio-server: mitigate cross site scripting attack...
Cross-site Scripting (XSS)
firefox is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of URI in CSS stylesheets allowing an attacker to inject maliciously crafted script into the system...
CVE-2022-29876
A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks...
CVE-2022-20740
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management...
WordPress plugin 跨站脚本漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. Wordpress Social Share, Social Login and Social Comments has a cross-site scripting vulnerability that can be exploited by attackers to inject JavaScript and perform reflective XSS attacks...
Mageia: Security Advisory (MGASA-2013-0217)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
S-CMS cross-site scripting vulnerability in Zibo Shining Network Technology Co.
S-CMS is a PHP and MySQL-based content management system CMS from S-CMS China. A security vulnerability exists in S-CMS Government Station Building System v5.0, which can be exploited by attackers to execute cross-site scripting attack XSS via /function/booksave.php...
KLA12287 XSS vulnerability in Microsoft Dynamics
A cross-site-scripting XSS vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to perform cross-site scripting attack. Original advisories CVE-2021-40440 Related products Microsoft-Dynamics-365 CVE list CVE-2021-40440 unknown KB list 5006076 5006075...
CVE-2021-1825
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross sit...
FortiManager and FortiAnalyzer - Multiple reflected XSS
Multiple improper neutralization of input during web page generation CWE-79 in FortiManager and FortiAnalyzer user interface may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious payload in GET parameters...
CVE-2021-29105 There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below.
A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory...
CVE-2021-1395
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...