
3301 matches found

Prion
added 2022/04/26 9:15 p.m. | 20 views

Cross site scripting

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

CVSS 3.5 | AI score 5.5 | EPSS 0.00681
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2022/04/26 7:3 a.m. | 40 views

Cross-Site Scripting (XSS)

Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to lack of html escaping which allows an attacker to inject and execute arbitrary javascript...

CVSS 6.1 | AI score 1.4 | EPSS 0.00674
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/04/23 12:3 a.m. | 18 views

GHSA-9W7H-3WWH-6M5Q Cross-site Scripting in Microweber

Microweber prior to 1.2.15 is vulnerable to reflected cross-site scripting on demo.microweber.org/demo/module/. This allows the execution of arbitrary JavaScript as the attacked user...

CVSS 6.3 | AI score 6 | EPSS 0.0321
Exploits: 1 | References: 4

NVD
added 2022/04/22 5:15 p.m. | 31 views

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction...

CVSS 6.3 | EPSS 0.0321
Exploits: 1 | References: 2

ATTACKERKB
added 2022/04/22 5:15 p.m. | 4 views

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction...

CVSS 6.3 | AI score 6.4 | EPSS 0.0321
Exploits: 1 | References: 4

Prion
added 2022/04/22 5:15 p.m. | 12 views

Cross site scripting

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction...

CVSS 4.3 | AI score 5.9 | EPSS 0.0321
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/04/22 4:30 p.m. | 35 views

CVE-2022-1439 Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction...

CVSS 6.3 | AI score 6.2 | EPSS 0.0321
Exploits: 1 | References: 2

OSV
added 2022/04/22 4:30 p.m. | 22 views

CVE-2022-1439 Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a payload that runs without user interaction...

CVSS 6.3 | AI score 6.2 | EPSS 0.0321
Exploits: 1 | References: 4

ATTACKERKB
added 2022/04/20 12:0 a.m. | 5 views

CVE-2022-22436

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164...

CVSS 5.4 | AI score 5.9 | EPSS 0.00448
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2022/04/20 12:0 a.m. | 20 views

GitLab 13.5 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39906)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf. CVE-2021-39906 Note that Nessus has not tested...

CVSS 8.7 | AI score 7.5 | EPSS 0.60729
Exploits: 0 | References: 4

Veracode
added 2022/04/06 9:43 a.m. | 16 views

Cross Site Scripting (XSS)

vditor is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in user input fields which allows a malicious user to inject and execute arbitrary Javascript...

CVSS 6.1 | AI score 2.1 | EPSS 0.00584
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2022/04/04 8:26 a.m. | 20 views

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists in FeedWidget.js because it doesn't filter out the valid input links which allows an attacker to inject and execute arbitrary javascript...

CVSS 6.1 | AI score 3.1 | EPSS 0.00604
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2022/03/31 6:41 a.m. | 32 views

Cross-Site Scripting (XSS)

Keycloak Core is vulnerable to reflected cross-site scripting. The vulnerability exists via the POST http requests due to lack of escaping which allows a malicious attacker to inject and execute arbitrary javascript...

CVSS 6.1 | AI score 1.9 | EPSS 0.37246
Exploits: 3 | References: 5 | Affected Software: 1

Packet Storm
added 2022/03/28 12:0 a.m. | 213 views

Royale Event Management System 1.0 Cross Site Scripting

Exploit Title: Royale Event Management System 1.0 - Cross-site Scripting Stored unauthenticated Date: 17/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title:...

AI score 7.4
Exploits: 0

Huntr
added 2022/03/26 7:46 a.m. | 32 views

stored xss

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage Proof of Concept 1. A low-priv user create a page with the following...

CVSS 3.5 | AI score 2 | EPSS 0.01472
Exploits: 1

Github Security Blog
added 2022/03/26 12:9 a.m. | 24 views

Parsedown Class-Name Injection

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

CVSS 8.1 | AI score 8.1 | EPSS 0.01469
Exploits: 1 | References: 5 | Affected Software: 1

Packet Storm
added 2022/03/26 12:0 a.m. | 97 views

One Church Management System 1.0 Cross Site Scripting

Exploit Title: One Church Management System 1.0 - Multiple Cross-site Scripting Date: 17/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One...

AI score 7.4
Exploits: 0

CNVD
added 2022/03/24 12:0 a.m. | 15 views

WordPress Easy Social Icons plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Easy Social Icons plugin prior to 3.2.1, which stems from the...

CVSS 4.8 | AI score 1.8 | EPSS 0.00577
Exploits: 2 | References: 1

Veracode
added 2022/03/21 11:36 a.m. | 19 views

Cross-Site Scripting (XSS)

github.com/misp/misp is vulnerable to stored cross-site scripting. The vulnerability exists in adminadd.ctp and adminedit.ctp when modifying the user which allows a malicious attacker to inject and execute arbitrary javascript...

CVSS 4.8 | AI score 3.2 | EPSS 0.00458
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/03/18 6:15 p.m. | 9 views

CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript...

CVSS 6.1 | AI score 7.6
Exploits: 0 | References: 11