6 matches found
Malicious code in @kp-admin/main (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e5dc03ae8edb86b5c5bd3968c80bda004a2d31b59095717c3ca8d4f6c1a9a553 The OpenSSF Package Analysis project identified '@kp-admin/main' @ 20.0.0 npm as malicious. It is considered malicious because: - The package...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is a website CMS. A cross-site scripting vulnerability exists in RiteCMS version 3.0. An attacker can exploit this vulnerability to execute arbitrary code in the Main Menu Items of the Administration Menu via a specially crafted payload...
GHSA-4GFX-P2J4-W2VH Alkacon OpenCMS XSS via title and requestedResource parameters
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to system/workplace/views/admin/admin-main.jsp or the 2 requestedResource parameter to system/login/index.html...
CVE-2021-39315
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the /inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...
SEMCMS cross-site scripting vulnerability (CNVD-2019-01719)
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by a remote attacker to inject arbitrary Web script or HTML into the copyright text box of the admin/SEMCMSMain.p...
Cross site scripting
Cross-site scripting XSS vulnerability in the Brother MFC-9970CDW printer with firmware G 1.03 and L 1.10 allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name QUERYSTRING to admin/adminmain.html, a different vulnerability than CVE-2013-2507 and...