1045 matches found
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site-Scripting XSS. The vulnerability exists in the generateLayoutTreeFromArray function in Service.php because the title field is not validated which allows an attacker to inject and execute arbitrary scripts...
Cross-Site Scripting (XSS)
iet-ou/open-media-player is vulnerable to cross-site scripting. The vulnerability exists in webvtt function of timedtext.php in the timedtext controller which allows an attacker to inject and execute arbitrary scripts...
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. PoC 1. Open a WP page with the plugin and Google analytics installed and search for...
CVE-2022-40841
A cross-site scripting XSS vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field...
CVE-2022-45769
A cross-site scripting XSS vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...
CVE-2022-44953
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...
CVE-2022-44959
webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2022-45214
A cross-site scripting XSS vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php...
CVE-2022-45040
A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...
CVE-2022-45038
A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field...
CVE-2022-43143
A cross-site scripting XSS vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container...
CVE-2022-45015
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field...
CVE-2022-43142
A cross-site scripting XSS vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...
Ricoh IPSiO SP 4210 跨站脚本漏洞
The Ricoh IPSiO SP 4210 is a laser printer from Ricoh Japan. A security vulnerability exists in the Ricoh IPSiO SP 4210, which can be exploited by an attacker to execute arbitrary scripts on the web browser of a user who logs into the product with administrative privileges...
CVE-2022-43144
A cross-site scripting XSS vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-43144
A cross-site scripting XSS vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2022-26774 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Canteen Management System version 1.0, consider...
CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting XSS in the object name of a Data Model...
Cross site scripting
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting XSS. The vulnerability affects instances with Splunk Web enabled...