1045 matches found

CNNVD
added 2023/05/23 12:0 a.m. | 2 views

ServiceNow cross-site scripting vulnerability

ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. to help companies manage the digital workflow of their business operations. ServiceNow suffers from a security vulnerability. An attacker exploiting the vulnerability can inject arbitrary scripts...

5.4 CVSS | 6 AI score | 0.0113 EPSS
Exploits 0 | References 3

Veracode
added 2023/05/18 8:40 a.m. | 555 views

Directory Traversal

johnpbloch/wordpress-core is vulnerable to Directory Traversal. The vulnerability exists in the determinelocale function via wplang parameter due to lack of file access restrictions which allows an unauthenticated attacker to access and load arbitrary translation files and to inject and execute...

5.4 CVSS | 7.5 AI score | 0.79284 EPSS
Exploits 7 | References 6 | Affected Software 2

Prion
added 2023/05/04 8:15 p.m. | 14 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...

4.9 CVSS | 5.2 AI score | 0.00839 EPSS
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2023/04/18 1:57 a.m. | 10 views

CVE-2023-2119 Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS | 7 AI score | 0.03681 EPSS
Exploits 0 | References 3

CNNVD
added 2023/04/11 12:0 a.m. | 1 views

Epson printer cross-site scripting vulnerability

Epson printer is a printer from the Japanese company Epson. A cross-site scripting vulnerability exists in Epson printer. An attacker can exploit this vulnerability to inject arbitrary script...

4.8 CVSS | 5.2 AI score | 0.00456 EPSS
Exploits 0 | References 3

OSV
added 2023/03/24 4:15 p.m. | 0 views

CVE-2022-47502

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

7.8 CVSS | 6 AI score | 0.00244 EPSS
Exploits 0 | References 4

Vulnrichment
added 2023/03/22 12:0 a.m. | 5 views

CVE-2023-27054

A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...

5.9 AI score | 0.00466 EPSS
Exploits 1 | References 3

Vulnrichment
added 2023/03/16 12:0 a.m. | 11 views

CVE-2023-27059

A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field...

5.3 AI score | 0.00392 EPSS
Exploits 1 | References 1

CNNVD
added 2023/03/16 12:0 a.m. | 2 views

ServiceNow cross-site scripting vulnerability

ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. to help companies manage the digital workflow of their business operations. A security vulnerability exists in ServiceNow. An attacker exploiting the vulnerability is able to inject arbitrary scripts...

6.1 CVSS | 6.5 AI score | 0.01153 EPSS
Exploits 0 | References 4

Vulnrichment
added 2023/03/14 12:0 a.m. | 6 views

CVE-2023-27069

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.3 AI score | 0.00249 EPSS
Exploits 1 | References 3

Cvelist
added 2023/03/10 12:0 a.m. | 19 views

CVE-2022-48111

A cross-site scripting (XSS) vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...

6 AI score | 0.0041 EPSS
Exploits 1 | References 5

OSV
added 2023/03/09 9:15 p.m. | 0 views

CVE-2023-27206

A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter...

6.1 CVSS | 6.5 AI score
Exploits 0 | References 2

Vulnrichment
added 2023/03/09 12:0 a.m. | 4 views

CVE-2023-27208

A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter...

5.9 AI score | 0.00234 EPSS
Exploits 1 | References 2

Huntr
added 2023/02/10 10:15 a.m. | 20 views

Stored XSS in "DATA IMPORTS" module

Description: Due to improper data sanitization and validation in "DATA IMPORTS" module allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Payload: In this PoC, I can inject into "Address" and "City" fields when importing new user by using the...

5.8 CVSS | 7 AI score | 0.00206 EPSS
Exploits 0

Vulnrichment
added 2023/02/10 12:0 a.m. | 4 views

CVE-2023-24230

A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter...

5.7 AI score | 0.00379 EPSS
Exploits 0 | References 2

Veracode
added 2023/01/30 10:15 a.m. | 17 views

Remote File Inclusion

cakephp/cakephp is vulnerable to Remote File Inclusion. The vulnerability is due to the getViewFileName function in View.php which allows an attacker to execute arbitrary scripts outside the view path by manipulating view template filenames...

4.1 AI score
Exploits 0

Prion
added 2023/01/27 6:15 p.m. | 11 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent...

4.9 CVSS | 5.2 AI score | 0.00198 EPSS
Exploits 1 | References 1 | Affected Software 1

Veracode
added 2023/01/27 8:3 a.m. | 22 views

Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper user input sanitization in add.php which allows an attacker to inject and execute arbitrary scripts...

6.1 CVSS | 6 AI score | 0.00674 EPSS
Exploits 0 | References 3 | Affected Software 2

Vulnrichment
added 2023/01/27 12:0 a.m. | 4 views

CVE-2022-46968

A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...

5.4 AI score | 0.00387 EPSS
Exploits 1 | References 2

Veracode
added 2023/01/26 6:14 a.m. | 18 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper user input sanitization in record.comments.php which allows an attacker to inject and execute arbitrary scripts...

5.4 CVSS | 5.5 AI score | 0.00317 EPSS
Exploits 0 | References 4 | Affected Software 2