22 matches found
EUVD-2022-4523
Malicious code in bioql PyPI...
EUVD-2024-32589
Malicious code in bioql PyPI...
EUVD-2022-1795
Malicious code in bioql PyPI...
CVE-2019-13339
In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php content box, which can be used to get a user's cookie...
CVE-2024-4023
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...
CVE-2023-46722 Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Use...
PT-2022-26020 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier. Description: The issue allows a remote attacker to inject JavaScript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: Pimcore settings module is vulnerable to stored cross-site scripting. Proof of Concept: 1. Log in to dev demo account. https://10.x-dev.pimcore.fun/ 2. Go to settings -- data objects -- Add a new class -- add payload in icon field 3. Click save and close and open that class alert will...
Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
Description: Stored cross-site scripting vulnerability in pimcore app; the name and description fields are vulnerable to XSS in customer automation rules. Proof of Concept: 1. Log in to the account 2. Go to customers -- customer automation rules -- Add payload in name field. 3. Payload " Impact This...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: Stored cross-site scripting vulnerability in report class field on custom report feature. Proof of Concept: 1. Log in to dev account https://10.x-dev.pimcore.fun/admin/ 2. Go to marketing -- custom reports -- Report class field in left navigation menu 3. Add payload " in report clas...
IBM Datacap Fastdoc Capture Cross-Site Scripting Vulnerability
IBM Datacap Fastdoc Capture is a client-only capture software solution from IBM USA that automatically indexes scanned documents for accurate storage and retrieval. A cross-site scripting vulnerability exists in IBM Datacap Fastdoc Capture that stems from a lack of proper validation of client-sid...
XSS Vulnerability in Cloud Collection Reviews
Cloud Collection lets users collect websites online anytime, anywhere; on the site, users can view and comment on other people's public collections. The project is developed using SpringBoot 2.0, MySQL and other technologies. The comments feature of Cloud Collection has an XSS vulnerability,...
XSS Vulnerability in Mercury X18G Router
Shenzhen Meike Star Communication Technology Co., Ltd.'s general business items include: computer wireless LAN products, computer hardware and software, communication equipment, electronic products, network security equipment technology development, etc. The Mercury X18G router has an XSS...
Cross site scripting
All versions up to V1.19.20.02 of the ZTE OTCP product are impacted by an XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front...
PT-2019-17849 · Overit · Geocall
Name of the Vulnerable Software and Affected Versions: OverIT Geocall versions prior to 6.3 build 2:346977 Description: An issue allows an unauthenticated attacker to obtain a cookie of an authenticated user and login to the web application through an unauthenticated servlet. Recommendations: For...
Discuz X1.5: stealing any user's cookie - vulnerability warning - the black bar safety net
Just submitted it to 360; it did not pass. So I'll publish it on the blog!!!!!! That is all, thank you all. When reprinting, please indicate the...
HastyMail HTML Attachment Content-Disposition Header XSS
Binary data 2167.prm...
BasiliX Webmail 1.1 - Email Header HTML Injection
source: https://www.securityfocus.com/bid/10662/info BasiliX Webmail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to gain acces...
Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10534/info A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit...
pod.board 1.1 Multiple Script XSS
The remote host is hosting the Pod.Board CGI suite, a set of PHP scripts designed to manage online forums. There is a cross-site scripting issue in this suite that could allow an attacker to steal the cookies of your legitimate users, by luring them into clicking on a rogue URL...