Cvelist
added 2022/01/13 4:45 p.m., 14 views

CVE-2022-22125 Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Tag

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary JavaScript code that will execute on a victim's server...

CVSS 4.8, AI score 5, EPSS 0.00828
Exploits: 1, References: 3
Cvelist
added 2022/01/13 4:45 p.m., 25 views

CVE-2022-22124 Halo CMS - Stored Cross-Site Scripting (XSS) in Profile Image

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the profile image. An authenticated attacker can upload a carefully crafted SVG file that will trigger arbitrary JavaScript to run on a victim's browser...

CVSS 5.4, AI score 5.4, EPSS 0.00708
Exploits: 1, References: 3
Cvelist
added 2022/01/13 4:45 p.m., 23 views

CVE-2022-22123 Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Title

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article title. An authenticated attacker can inject arbitrary JavaScript code that will execute on a victim's server...

CVSS 5.4, AI score 5.4, EPSS 0.00708
Exploits: 1, References: 3
OSV
added 2022/01/12 1:15 p.m., 5 views

CVE-2021-44649

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

CVSS 5.4, AI score 5.4
Exploits: 0, References: 2
PyPA
added 2022/01/12 1:15 p.m., 5 views

PYSEC-2022-7

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

CVSS 5.4, AI score 6.5, EPSS 0.00617
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2022/01/12 1:15 p.m., 16 views

Cross site scripting

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

CVSS 3.5, AI score 5.4, EPSS 0.00617
Exploits: 1, References: 2, Affected Software: 1
Huntr
added 2022/01/10 4:48 a.m., 14 views

Cross-site Scripting (XSS) - Generic in projectsend/projectsend

Description: Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

AI score 0.2
Exploits: 0
Cvelist
added 2022/01/07 5:55 p.m., 19 views

CVE-2021-38895

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

CVSS 3, AI score 5.3, EPSS 0.00445
Exploits: 0, References: 2
Huntr
added 2022/01/02 10:1 p.m., 20 views

Cross-site Scripting (XSS) - Stored in getgrav/grav

Description: Stored XSS is a vulnerability in which the attacker can execute arbitrary JavaScript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &58 instead of : in the href attribute of tag to bypass the xss...

CVSS 3.5, AI score 1.2, EPSS 0.01416
Exploits: 1
Huntr
added 2021/12/26 10:55 a.m., 20 views

Cross-site Scripting (XSS) - Stored in star7th/showdoc

Description: Stored XSS via upload attachment with format .svg in File Library. Detail: When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary JavaScript code that was injected into the attachment before. Proof of Concept: PoC.svg var...

CVSS 3.5, AI score 0.2, EPSS 0.00642
Exploits: 1
Veracode
added 2021/12/23 9:44 a.m., 14 views

Cross-site Scripting (XSS)

ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in the parse function of AjaxPro/core.js when parsing JSON input, which allows a malicious attacker to inject and execute arbitrary JavaScript...

CVSS 8.7, AI score 4.8, EPSS 0.00824
Exploits: 0, References: 3, Affected Software: 1
Huntr
added 2021/12/19 3:12 p.m., 11 views

Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin

Description: grav-plugin-admin 1.10.25 has a Stored-XSS vulnerability that is executed when metadata information of a file whose name contains javascript are shown. Proof of Concept: 1 - After installing grav+admin browse to http://127.0.0.1/admin/pages/home. 2 - Create a file named as follows:...

AI score 1.2
Exploits: 0
Huntr
added 2021/12/09 11:14 a.m., 37 views

Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton

Description: Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization. Proof of Concept: 1. Start a new web conference and share the link with other people. 2. A malicious user joins the conference with the following username: 3. As soon as the...

CVSS 4.3, AI score 2.2, EPSS 0.0089
Exploits: 1, References: 1
OSV
added 2021/12/07 11:15 a.m., 2 views

CVE-2021-29116

A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...

CVSS 6.1, AI score 6
Exploits: 0, References: 1
Prion
added 2021/12/07 11:15 a.m., 12 views

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...

CVSS 4.3, AI score 6, EPSS 0.00784
Exploits: 0, References: 1, Affected Software: 1
Veracode
added 2021/11/22 12:58 p.m., 16 views

Cross-site Scripting (XSS)

snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in the API response in the transformAsset function of AssetsTransformer.php are not properly encoded, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4, AI score 3, EPSS 0.00731
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2021/11/15 4:15 p.m., 2 views

CVE-2021-38982

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4, AI score 5.1, EPSS 0.00515
Exploits: 0, References: 2
OSV
added 2021/11/12 9:15 p.m., 1 view

UBUNTU-CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

CVSS 6.1, AI score 7, EPSS 0.01284
Exploits: 0, References: 6
OSV
added 2021/11/12 4:15 p.m., 2 views

CVE-2020-4140

IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052...

CVSS 5.4, AI score 5.7, EPSS 0.0048
Exploits: 0, References: 2
CNNVD
added 2021/11/12 12:0 a.m., 2 views

GNU Mailman Cross-Site Scripting Vulnerability

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...

CVSS 6.1, AI score 5.6, EPSS 0.01284
Exploits: 0, References: 8