6 matches found
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of malformed URLs in Utils::parseUrl, which allows an attacker to inject malicious JavaScript through comments and steal admin session cookies when affected pages are viewed...
CVE-2020-37018 GOautodial 4.0 - Persistent Cross-Site Scripting
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...
CVE-2022-45436
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must clic...
Egavilanmedia User Registration & Login System Cross-Site Scripting Vulnerability (CNVD-2021-01547)
Egavilanmedia User Registration & Login System is a management platform for user registration and login from Egavilanmedia, USA. A cross-site scripting vulnerability exists in EGavilanMedia User Registration and Login System With Admin Panel version 1.0, which can be exploited by an attacker to...
CVE-2020-16270
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...
5iSNS Content Payment System 1.0.9 suffers from XSS vulnerability
The 5iSNS content payment system integrates functional modules such as post articles and documents with social features. An XSS vulnerability exists in 5iSNS Paid-for-Content System 1.0.9, which can be exploited by an attacker to obtain administrator cookie information and log into the backend of...