CVE-2020-9334

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

Cross site scripting

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

CVE-2020-9003

A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

CVE-2019-10178

It was found that the Token Processing Service TPS did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting XSS vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...

Security Bulletin: IBM Sterling B2B Integrator Is Vulnerable to Cross-site Scripting Due to the Vulnerability of 10x (CVE-2016-5892)

Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...

CVE-2020-8498

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...

CVE-2020-8498

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users e.g., ones who have t...

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale which allows users to embed arbitrary JavaScript code in the Web UI (CVE-2019-4665)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale that could allow users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. A fix for this...

CVE-2019-8146

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

CVE-2019-8120

A stored cross-site scripting XSS vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address...

CVE-2019-18667

/usr/local/www/freeradiusviewconfig.php in the freeradius3 package before 0.15.73 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser...

CVE-2019-4564

IBM Security Key Lifecycle Manager (SKLM) is affected by CVE-2019-4564 across versions 2.6–3.0.1. The vulnerability is a cross-site scripting flaw that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected produ...

CVE-2019-5479

An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...

Opencart 3.x - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Opencart 3.x.x Authenticated Stored XSS Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

Opencart 3.x - Cross-Site Scripting

Opencart 3.x - Cross-Site Scripting Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...