71 matches found
CVE-2024-25973 Multiple Stored Cross-Site Scripting Vulnerabilities
The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog...
PHPGurukul Small CRM Cross-Site Scripting Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of data provided in the Request a Quote field, which can be exploited by an attacker to store and execute malicious...
ASUS RT-AX88U Cross-Site Scripting Vulnerability
The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...
CVE-2022-28867
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...
SUSE CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
PrimeKey EJBCA Cross-Site Scripting Vulnerability
PrimeKey EJBCA is a full-featured CA system software from PrimeKey Sweden. The software is used for domain certificate management, enrollment and enrollment-to-certificate validation and other functions to achieve access security. A cross-site scripting vulnerability exists in versions of PrimeKe...
Bosch VIDEOJET multi 4000 Cross-Site Scripting Vulnerability
Bosch VIDEOJET multi 4000 is a 16-channel CCTV video encoder from Bosch. It provides best-in-class IP video performance for security camera systems. A security vulnerability exists in the Bosch VIDEOJET multi 4000 version, which stems from incomplete filtering of JavaScript code for different...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in the XWiki Platform Index UI prior to version 13.10.6 and prior to version 14.3, which stems from the ability to store JavaScript that can be...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in the XWiki Platform Web Parent POM prior to version 13.10.6 and prior to version 14.30-rc-1, which stems from the ability to store JavaScript th...
CVE-2022-1995
The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed, for example in multisite setup...
CVE-2022-1028
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html ...
Gentics Software Gentics CMS Cross-Site Scripting Vulnerability
Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A cross-site scripting vulnerability exists in Gentics CMS version 5.36.29. An attacker can exploit this vulnerability to store malicious JavaScript code in user names an...
CVE-2021-45228
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user...
CVE-2021-32005
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store JavaScript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions...
PT-2021-16898 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: Publify versions v8.0 through v9.2.4 Description: The issue allows a user with a publisher role to inject and execute arbitrary JavaScript code, enabling stored XSS attacks. This can occur while creating a page or article, potentially through...
UBUNTU-CVE-2021-21319
Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored to be displayed later on the self subscription page. The self subscription feature can be disabled as a workaround (this is the default state)...
ShinHer StudyOnline System Cross-Site Scripting Vulnerability
ShinHer StudyOnline System is a school administration system from ShinHer, a Chinese company. special characters in the title parameter. An attacker could use this vulnerability to inject JavaScript and execute a stored XSS attack after logging in with user privileges...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description: Stored XSS content allows for the arbitrary execution of JavaScript. Proof of Concept: In Wechat management at feature - Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies, Save Reply text with payload: \x3csVg/\x3e XSS will trigg...
PT-2021-15976 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin versions prior to 3.1.8 Description: The issue allows high privilege users, such as admins, to set JavaScript payloads in some...
SourceCodester Gym Management System Cross-Site Scripting Vulnerability
SourceCodester Gym Management System is a gym management system from the American company SourceCodester. The system is developed with C and SQL Server, with customer and supplier management, product management, sales management, gym membership management, fitness assessment, syst...