129 matches found
CVE-2023-41066
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields...
PT-2023-27769 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14 Description: An authentication issue was addressed with improved state management. This issue may allow an app to unexpectedly leak a user's credentials from secure text fields. Recommendations: For versions prior t...
Meldekarten Generator Cross-Site Scripting Vulnerability
Meldekarten Generator is a program created by the individual developer jucktnich. A cross-site scripting vulnerability exists in Meldekarten Generator 1.0.0b1.1.1 and earlier versions, which stems from all text fields on a web page being vulnerable to an XSS attack, where user inp...
DRUPAL-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting (XSS) vulnerability. Th...
Simple File List < 6.0.10 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to...
LimeSurvey Cross-Site Scripting Vulnerability
LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A cross-site scripting vulnerability exists in LimeSurvey version v5.4.15, which stems from its...
Moodle Cross-Site Scripting Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from the ability to add arbitrary "Topic" resources after creating a course. In...
CVE-2022-1326
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
Maccms Cross-Site Scripting Vulnerability
Maccms is a PHP-based content management system (CMS) for film and television. A cross-site scripting vulnerability exists in Maccms 8, which stems from stored cross-site scripting (XSS) via the server group text fields...
Maccms Cross-Site Scripting Vulnerability
Maccms is a PHP-based content management system (CMS) for film and television. A security vulnerability exists in Maccms 10, which stems from stored cross-site scripting (XSS) via the server group text fields...
Apache Superset OS Command Injection
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python's os package in the web application process in versions <= 0.37.1. It was thus...
GHSA-CJ7G-H7RF-H8J9 Apache Superset OS Command Injection
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python's os package in the web application process in versions <= 0.37.1. It was thus...
CVE-2022-25854
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...
Cross site scripting
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...
CVE-2022-25854
The CVE affects @yaireo/tagify before 4.9.8. The root cause is that the placeholder input is not escaped in the Tagify rendering logic (tagify.js), enabling an attacker to inject and trigger XSS via a malicious placeholder value. Impact is XSS in inputs using Tagify; exploitation details are not ...
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload...
PT-2022-17720 · Marky · Marky
Name of the Vulnerable Software and Affected Versions: Marky commit 3686565726c65756e Description: The issue is related to a remote code execution (RCE) vulnerability. It allows attackers to execute arbitrary code via injection of a crafted payload through the Display text fields. Recommendations:...
CVE-2020-21082
A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names...
CVE-2021-40864
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields...