FusionPBX Cross-Site Scripting Vulnerability
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX 4.5.7, which allows remote malicious users to...
PYSEC-2021-865
In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False...
CVE-2020-27852
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
Cross site scripting
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability
Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the textarea field...
GHSA-39CX-XCWJ-3RC4 Cross-Site Scripting in dojo
Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as JavaScript, even when sanitized. Recommendation: Update to version 1.1.0 or later...
Cross-Site Scripting in dojo
Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as JavaScript, even when sanitized. Recommendation: Update to version 1.1.0 or later...
CVE-2020-12635
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...
Cross site scripting
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...
PT-2020-13175 · Magento · Webforms Pro M2
Name of the Vulnerable Software and Affected Versions: WebForms Pro M2 extension for Magento 2 versions prior to 2.9.17. Description: A cross-site scripting (XSS) issue exists in the WebForms Pro M2 extension for Magento 2. The issue is related to the textarea field. Recommendations: For versions...
Testimonial Rotator < 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)
A Stored XSS vulnerability has been found in the 'Author Information' textarea in testimonials from the plugin, which could allow an authenticated medium-privileged user (contributor+) to inject arbitrary JavaScript. The XSS will be triggered for anyone visiting public posts or testimonial page...
Photoscape 'Textarea' Denial of Service Vulnerability
Photoscape is a free image processing and editing software with full features. A denial of service vulnerability exists in Photoscape 'Textarea'. The vulnerability can be exploited to launch a denial of service attack...
Photoscape Textarea Denial Of Service
Exploit Title: Photoscape 2.7.1 Object and select Create 6.- Paste ClipBoard on "Textarea" 7.- Crashed.. PoC : !/usr/bin/python3 buf = "" buf += "\x90"5000 print buf...
CVE-2019-12512
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...
Cross site scripting
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
Cross site scripting
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...
CVE-2019-12513 Stored XSS via DHCP Discover Request Hostname
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
CVE-2010-3672
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...
Design/Logic Flaw
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...