Cross-Site Scripting (XSS)

squid is vulnerasble to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the username or auth parameter in cachemgr.cgi...

CVE-2019-18267

An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site...

Cross site scripting

In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...

PowerPanel Business Edition 3.4.0 Cross Site Scripting

Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Software Link: https://dl4jz3rbrsfum.cloudfront.net/software/ppbe340-linux-x8664.sh Version:...

CVE-2019-10325

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages...

Accentis Content Resource Management System Cross Site Scripting

Vulnerability type: Stored Cross Site Scripting Vendor: http://www.accentis.com.au/ Product: Accentis Content Resource Management System Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-3425 PROOF OF CONCEPT XSS Accentis Content Resource Management System before October 2015 pat...

[oCERT-2011-001] Chyrp input sanitization errors

2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...

XSS vulnerability in recently updated and configure RSS feed actions

Our eSecurity team has identified a Cross Site Scripting issue with the confluence server as follows: Arbirtatry javascript can be injected in the following cases which can lead to escalated or invalid privileges being granted to an unauthorized user: 1...

CVE-2006-2611

MediaWiki 1.6.x is affected in includes/Sanitizer.php (variable handler) by CVE-2006-2611. The vulnerability allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the | character, and is exploitable before revision r14349. The NVD notes a Medium risk w...