176 matches found
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
CVE-2023-20218
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...
Event Booking Calendar 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping
Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...
CVE-2022-45137
The configuration backend of the web-based management is vulnerable to reflected XSS Cross-Site Scripting attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability...
Micro Focus Operations Bridge Manager 跨站脚本漏洞
Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11, Micro Focus Micro Focus Operations Bridge- Containerized versions...
GHSA-PGXV-H967-FW2Q Improper Neutralization of Input During Web Page Generation in Jenkins
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...
Cross site scripting
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars...
Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability
enteliTouch XSS alertdocument.cookie" / input type="hidden" n...
Cross site scripting
A Cross-Site Scripting XSS attack can cause arbitrary code javascript to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...
Cross site scripting
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
Nextcloud Talk 跨站脚本漏洞
Nextcloud Talk, a self-hosted local audio/video and chat communication service from Germany-based Nextcloud, is vulnerable to a cross-site scripting vulnerability that could be exploited by remote attackers to inject and execute arbitrary HTML and script code in the user's browser within the...
CVE-2021-33849
A Cross-Site Scripting XSS attack can cause arbitrary code JavaScript to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...
Cross-site Scripting (XSS) - Reflected in yeswiki/yeswiki
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Album" 1 under "Search" menu then click "Search" 2: 💥 Impact By uploading an mp3 with javascript code into meta tag...
The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken to protect the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using ...
Ec-cube cross-site scripting vulnerability (CNVD-2021-46277)
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube . Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...
Apache Superset Stored Cross-Site Scripting Vulnerability
Apache Superset up is an open source application from the Apache Foundation that provides a design for horizontal scaling in large distributed environments. A security vulnerability exists in Apache Superset 0.38.0 and earlier versions, which can be exploited by an attacker to inject javascript...
Cross-Site Scripting (XSS)
@angular/core is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser through SSR into a comment node...
Wekan vulnerable to cross-site scripting
Overview Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Ryoya Koyama at Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...