134 matches found
CVE-2024-29194
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...
CVE-2024-29194
OneUptime web application vulnerability: localStorage key is_master_admin can be changed from false to true, bypassing server-side checks and granting administrative privileges to a regular user. Root cause: improper validation of client-side stored data in the web app; privileges are controlled ...
BIT-MYBB-2022-43707
MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...
Dell Secure Connect Gateway 跨站脚本漏洞
Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. Dell Secure Connect Gateway suffers from a cross-site scripting vulnerability that originates from a cross-site scripting vulnerability in the Policy Manager that contains storage in the policy page. No detailed...
Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks otwshortcodetabslayout tabs="2"...
CVE-2023-5348 Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users...
WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. curl https://example.com -H 'X-Forwarded-For: ' Then, as a high-privileged user, visit...
CVE-2023-41859
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin = 1.2 versions...
DEBIAN-CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
CVE-2023-38065
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-28520
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454...
CVE-2023-29492
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...
CVE-2023-1120
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.10.0...
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. PoC 1. Open a WP page with the plugin and Google analytics installed and search for...
MyBB MyCode Editor Cross-Site Scripting Vulnerability
MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in versions prior to mybb MyBB 1.8.32, which stems from a...
CVE-2022-43707
MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...
Cross site scripting
MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...
Cross site scripting
The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile...