1936 matches found
CVE-2021-28145
Concrete CMS formerly concrete5 before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges...
CVE-2021-31550
An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...
CVE-2022-42747
CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2019-18413
In TypeStack class-validator 0.10.2, validate input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not...
CVE-2020-10242
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section...
CVE-2020-24599
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in modlatestactions allows XSS attacks...
CVE-2023-4100
Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions...
CVE-2022-31192
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...
CVE-2025-1232
The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...
CVE-2019-16725
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...
CVE-2024-2583
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...
EUVD-2017-11628
Malware in sbrugna...
EUVD-2017-11544
Malware in sbrugna...
EUVD-2014-5339
Malware in sbrugna...
EUVD-2012-3502
Malware in sbrugna...
EUVD-2012-2391
Malware in sbrugna...
EUVD-2010-4533
Malware in sbrugna...
EUVD-2021-21288
Malware in sbrugna...