CVE-2021-4292 OpenMRS Admin UI Module Manage Privilege Page privilege.gsp cross site scripting
A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...
CVE-2021-4292
OpenMRS Admin UI Module (up to 1.4.x) contains a cross-site scripting (XSS) vulnerability in the privilege.gsp handling on the Manage Privilege Page. The issue arises from processing on omod/src/main/webapp/pages/metadata/privileges/privilege.gsp, allowing remote initiation. The recommended fix i...
CVE-2021-4291 OpenMRS Admin UI Module location.gsp cross site scripting
A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated...
CVE-2021-4291
CVE-2021-4291 affects OpenMRS Admin UI Module up to v1.5.x, with exploitation targeting the file omod/src/main/webapp/pages/metadata/locations/location.gsp and enabling cross-site scripting. A remote attacker can trigger the issue; upgrading to v1.6.0 addresses it (patch: a7eefb5f69f6c50a3bffcb...
PT-2022-11742 · Openmrs · Openmrs Admin Ui Module
Name of the Vulnerable Software and Affected Versions: OpenMRS Admin UI Module versions up to 1.4.x Description: A vulnerability was found in the Manage Privilege Page component, affecting the processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp. This issue leads to...
Privilege Escalation
ezsystems/ezplatform-admin-ui is vulnerable to privilege escalation. The vulnerability exists because the library does not properly handle the Company admin role, allowing an admin user to assign any role to any user...
WordPress WP Admin UI Customize plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
CVE-2022-3824
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2022-3824 WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
WordPress plugin WP Admin UI Customize cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
PT-2022-24308 · WordPress · Wp Admin Ui Customize
Name of the Vulnerable Software and Affected Versions: WP Admin UI Customize WordPress plugin versions prior to 1.5.13 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical severity. It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have...
GHSA-7644-CXP8-H23R ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical severity. It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have...
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
It is possible to inject JavaScript XSS in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have this permission. Th...
WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. PoC 1. Go to "WP Admin UI Customize" » "Login...
WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup. 1. Go to "WP Admin UI Customize" » "Login Form". ...
CVE-2022-39270
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
Code injection
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...