CVE-2022-24586

A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to stored cross-site scripting. The vulnerability exists due to improper sanitization of the name field in embedcode.tpl.php which allows an attacker to steal user cookies and execute arbitrary scripts...

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to stored cross-site scripting. The vulnerability exists in msgobjlist.tpl.php which allows an attacker to inject and execute arbitrary scripts, which gets executed by browser viewing...

CVE-2022-22114

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

Cross site scripting

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

elecom lan routers cross-site scripting vulnerability

elecom lan routers is a router from Elecom Japan. elecom lan routers is vulnerable to cross-site scripting, which can be exploited to inject arbitrary scripts via unspecified vectors...

elecom lan 跨站脚本漏洞

elecom lan routers is a router from Elecom Japan. elecom lan routers is vulnerable to cross-site scripting, which can be exploited to inject arbitrary scripts via unspecified vectors...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

Schneider Electric Nmc Embedded Devices 跨站脚本漏洞

The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...

Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker...

Google Chrome < 95.0.4638.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 95.0.4638.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202110stable-channel-update-for-desktop28 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69...

Cross site scripting

Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting XSS vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...

Cross site scripting

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions ...

WordPress 跨站脚本漏洞

WordPress plugin is a WordPress open source application plugin. WordPress plugin HAL has a cross-site scripting vulnerability that originates from several parameters in the /wp-hal.php file leading to insufficient input validation and cleanup, which can be exploited by an attacker with...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin KJM Admin Notices, which stems from insufficient input validation and cleanup of several parameters found in the /admin/class-kjm-admin-notices-admin.php file,...

Apache Superset up和Apache Superset 跨站脚本漏洞

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

Cybozu Remote Service Cross-Site Scripting Vulnerability (CNVD-2021-78762)

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote authenticated attacker can use this vulnerability to inject arbitrary scripts...

Cybozu Remote Service Cross-Site Scripting Vulnerability

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems. a cross-site scripting vulnerability exists in the Cybozu Remote Service management interface. A remote attacker can use this vulnerability to inject arbitrary scripts...

Cross-Site Scripting (XSS)

prestashop/pslinklist is vulnerable to cross-site scripting. The vulnerability exists because the custom URLs are not validated in 'buildForm' function in 'CustomUrlType.php' allowing a malicious attacker to inject arbitrary scripts...

Apache NiFi OS Command Injection Vulnerability

Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system mediation logic. versions prior to Apache NiFi MiNiFi C version 0.5.0 have security vulnerabilities that allow an...