54 matches found
CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...
CVE-2026-27474
SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...
CVE-2026-27474 SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)
SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...
CVE-2026-27474
CVE-2026-27474 affects SPIP prior to 4.4.9, where the private area is vulnerable to Cross-Site Scripting due to incomplete application of the echappe_anti_xss() filter to input, form, button, and anchor tags. The issue compounds an incomplete fix from SPIP 4.4.8 and is not mitigated by the securi...
PT-2026-20847
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions before 4.4.9 contain a Cross-Site Scripting XSS issue in the private area. The echappe anti xss function was not consistently applied to input, form, button, and anchor HTML tags, enabling...
SPIP 安全漏洞
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability. This vulnerability stemmed from the echappeantixss function not being applied systematically to HTML tags such as input fields, forms, buttons, and...
anti-xss
//: AUTO-GENERATED BY "PHP README Helper": base file - doc...
EUVD-2018-7547
Malware in sbrugna...
EUVD-2006-4468
Malware in sbrugna...
anti-xss
This is a PHP library called AntiXSS, which is designed to prevent cross-site scripting XSS attacks. The library provides a set of functions to sanitize user input and protect against XSS vulnerabilities. The library is maintained by Lars Moelleken and is available on Packagist, a popular PHP...
fr.kicknrollsports.com Cross Site Scripting vulnerability OBB-2544118
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2015-9276
SmarterMail (SmarterTools) before version 13.3.5535 is affected by a stored XSS vulnerability where attacker-controlled HTML/JS in an email bypasses anti-XSS protections. When a victim opens or replies to the attacker’s email, JS executes; passwords could be reset on the password-reset page that ...
[SECURITY] Fedora 28 Update: mozilla-noscript-10.1.9.6-1.fc28
The NoScript Firefox extension provides extra protection for Firefox. It allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites of your choice e.g. your online bank and additionally provides Anti-XSS protection...
[SECURITY] Fedora 27 Update: mozilla-noscript-10.1.9.6-1.fc27
The NoScript Firefox extension provides extra protection for Firefox. It allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites of your choice e.g. your online bank and additionally provides Anti-XSS protection...
WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Reflected XSS in FV Flowplayer Wordpress plugin ================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target...
CVE-2018-15676
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crkprotection.php anti-XSS mechanism that looks for a number of dangerous fingerprints...
Design/Logic Flaw
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crkprotection.php anti-XSS mechanism that looks for a number of dangerous fingerprints...
CVE-2018-15676
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crkprotection.php anti-XSS mechanism that looks for a number of dangerous fingerprints...
Rockstar Games: Stored XSS via Send crew invite
In this report, the researcher was able to demonstrate a vulnerability in our Crew Invite mechanism that could have allowed an attacker to carry out a Stored XSS attack. By modifying a request in-flight and injecting unexpected characters in the Invitation message body, it was possible to escape...
Rockstar Games: XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)
In this report, the researcher discovered a Stored XSS vulnerability in the Add Friend functionality. It worked by filling the optional Message field with a XSS payload utilized an SVG object tag and some character escaping. When the recipient of the malicious friend request clicked or tapped the...