1045 matches found
Cross-site Scripting (XSS)
enhavo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate sanitization of user-supplied input in the Title text field, enabling attackers to inject and execute arbitrary scripts or HTML...
CVE-2023-52059
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
Cross-site scripting (XSS) vulnerability in Grav
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element...
CVE-2024-0955 Stored XSS vulnerability
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts...
[R1] Nessus Version 10.7.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 02/06/2024 - 11:07. Two separate vulnerabilities were discovered, reported and fixed: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could...
a-blog cms security breach
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms. A remote attacker can exploit this vulnerability to execute arbitrary scripts on a logged-in user's web browser. The following versions are affected: versions 3.1.x through 3.1.7 and earlier,...
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: Create/edit a new popup and add the following payload in the Custom Content: Save, and...
MTN Group: DOM Based Reflected Cross Site Scripting
The outdated version of Swagger used by the notification-server-v2.sz-my.mtn.com asset was found to be vulnerable to a DOM-based reflected cross-site scripting vulnerability. The vulnerability was triggered by crafting a malicious URL that resulted in the execution of arbitrary scripts in the...
PT-2024-15199 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.4.6 Description: The issue is related to Stored Cross-Site Scripting via the Table of Contents block due to...
Cross site scripting
A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input alert0x00C57D leads to cross site scripting. T...
Apache OpenOffice < 4.1.15 Multiple Vulnerabilities (macOS)
The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes. - Apache OpenOffice documents can contain links that call internal macros with arbitrary...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.9.0: an authenticated, remote attacker can insert crafted HTML into the editor, resulting in the...
CVE-2023-47804
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2023-47804
CVE-2023-47804 affects Apache OpenOffice prior to 4.1.15. It stems from links in documents that call internal macros with arbitrary arguments; in affected versions, user approval for such links isn’t always requested, enabling arbitrary script execution when links are clicked or triggered by docu...
Cross-Site Scripting (XSS)
JFinalcms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists via carousel image editing, which allows an attacker to inject and execute arbitrary scripts...
GHSA-3M87-5598-2V4F Withdrawn Advisory: Prometheus XSS Vulnerability
Withdrawn Advisory: This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. Original Description: A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Ubuntu: Security Advisory (USN-6546-1)
The remote host is missing an update for the...
USN-6546-1: LibreOffice vulnerabilities
Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. (CVE-2023-6185) Reginaldo Silva...