39 matches found
EUVD-2019-20178
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2026-45627
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...
PT-2026-41694
Name of the Vulnerable Software and Affected Versions: Arcane versions prior to 1.19.0 Description: The unauthenticated 'GET /api/app-images/logo' endpoint reflects a user-supplied color query parameter into the body of an SVG document using strings.ReplaceAll without proper escaping. This...
CVE-2022-0770
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have a CSRF check in some files, and writes debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access t...
CVE-2024-27162 DOM-based XSS
Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure code vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the...
Exploit for Cross-site Scripting in Escanav Escan_Management_Console
eScan Management Console 14.0.1400.2281 - Reflected Cross Sit...
UBUNTU-CVE-2022-45436
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). As a manager-privilege user, create a network map whose name is an XSS payload. Once created, admin user must clic...
CVE-2022-43980
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, deliberately setting its name to an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS...
Stored Cross Site Scripting (Network Maps Editor functionality)
Description Hello Team, Hope you are doing well. I have found a stored cross-site scripting vulnerability in the network maps edit functionality. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry...
PT-2022-21139 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: Gin-Vue-Admin versions v2.5.1 through v2.5.3b Description: The issue allows for Unrestricted File Upload, leading to the execution of javascript code through the "Compress Upload" functionality to the Media Library. When an admin user views t...
CVE-2022-32177 Gin-vue-admin - Unrestricted File Upload
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
Doctor's Appointment System cross-site scripting vulnerability
Doctor's Appointment System is a doctor's appointment system by Hashen Udara, an individual developer. A security vulnerability exists in Doctor's Appointment System version 1.0, which stems from its admin panel allowing an attacker to steal a cookie to take over the administrator account...
CVE-2022-30017
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing...
CVE-2020-19770
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie...
CVE-2020-19770
CVE-2020-19770 is a cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0. It can allow an attacker to steal an administrator’s cookie. The available connected documents confirm the affected software (WUZHI CMS 4.1.0) and the impact (cookie theft). No concr...
CVE-2020-21333
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS in the online invoicing system view price history which is led by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️♂️ Proof of Concept POC Video:...
CVE-2020-24609
TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie v...