1046 matches found

Prion
added 2021/07/09 10:15 p.m., 12 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules...

CVSS 3.5, AI score 5, EPSS 0.00328
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2021/07/09 12:00 a.m., 1 view

moziloCMS cross-site scripting vulnerability

moziloCMS is an open source content management system (CMS). A security vulnerability exists in moziloCMS, which can be exploited by an attacker to execute arbitrary web script or HTML through a specially crafted payload entered into the "Content" parameter...

CVSS 5.4, AI score 6, EPSS 0.00352
Exploits: 1, References: 2

CNVD
added 2021/07/05 12:00 a.m., 6 views

PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48512)

PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in /administration/settingsregistration.php in PHP-Fusion version 9.03.60, which can be exploited to execute arbitrary web script or HTML via the "registration" field...

CVSS 5.4, AI score 6, EPSS 0.00481
Exploits: 1, References: 1

NVD
added 2021/07/02 6:15 p.m., 8 views

CVE-2020-23192

A stored cross-site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module...

CVSS 5.4, EPSS 0.00533
Exploits: 1, References: 1

Prion
added 2021/07/02 6:15 p.m., 14 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module...

CVSS 3.5, AI score 5.3, EPSS 0.00275
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2021/07/02 6:15 p.m., 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module...

CVSS 3.5, AI score 5.3, EPSS 0.00275
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2021/06/23 12:00 a.m., 1 view

Ec-cube cross-site scripting vulnerability

Ec-Cube is an open source system for creating shopping websites. A cross-site scripting vulnerability exists in Ec-Cube. An attacker can exploit this vulnerability by tricking an administrator or user into visiting a specially crafted page and performing certain actions to execute arbitrary scrip...

CVSS 6.1, AI score 5.6, EPSS 0.00591
Exploits: 0, References: 3

CNNVD
added 2021/06/22 12:00 a.m., 2 views

Ice Hrm cross-site scripting vulnerability

Ice Hrm is a human resource management system. A cross-site scripting vulnerability exists in Ice Hrm 29.0.0 OS. An attacker can exploit the vulnerability by uploading a crafted file that will result in the execution of arbitrary web script or HTML...

CVSS 5.4, AI score 5.5, EPSS 0.00185
Exploits: 1, References: 1

CNNVD
added 2021/05/28 12:00 a.m., 0 views

iCMS cross-site request forgery vulnerability

iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16. An attacker can exploit this vulnerability to execute arbitrary web scripts...

CVSS 8.8, AI score 5.9, EPSS 0.00145
Exploits: 1, References: 1

CNNVD
added 2021/03/26 12:00 a.m., 1 view

WonderLink Yomi-Search cross-site scripting vulnerability

WonderLink Yomi-Search is a WonderLink application, a multi-purpose search engine. A security vulnerability exists in Yomi-Search Ver4.22, which can be exploited to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search...

CVSS 6.1, AI score 7.2, EPSS 0.00232
Exploits: 0, References: 3

CNVD
added 2021/03/17 12:00 a.m., 18 views

Kangtaike SolarView Compact SV-CPT-MC310 Cross-Site Scripting Vulnerability

Kangtaike SolarView Compact is an application system from Kangtaike, Japan. Kangtaike SolarView Compact SV-CPT-MC310 is vulnerable to cross-site scripting, which can be exploited by attackers to inject arbitrary scripts via unspecified vectors...

CVSS 6.1, AI score 4.9, EPSS 0.00611
Exploits: 0, References: 1

CNVD
added 2021/03/11 12:00 a.m., 15 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22653)

Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the web application and can be exploited to inject arbitrary scripts via...

CVSS 6.1, AI score 3.4, EPSS 0.00347
Exploits: 0, References: 1

CNVD
added 2021/03/09 12:00 a.m., 6 views

Luxion KeyShot Path Traversal Vulnerability

Luxion KeyShot is a software for designing photos of 3D scenes from Luxion USA. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A path traversal vulnerability exists in the Luxion KeySh...

CVSS 7.8, AI score 6.8, EPSS 0.02278
Exploits: 0, References: 1

CNVD
added 2021/03/07 12:00 a.m., 4 views

File upload vulnerability exists in UCMS (CNVD-2021-21601)

UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...

AI score 7.1
Exploits: 0

CNVD
added 2021/02/26 12:00 a.m., 6 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22654)

Six Apart Movable Type is an application of Six Apart, Inc. Six Apart Movable Type has a cross-site scripting vulnerability in several of its products, which stems from the lack of proper validation of client data in the web application and can be exploited to inject arbitrary scripts via...

CVSS 6.1, AI score 3.4, EPSS 0.00347
Exploits: 0, References: 1

Cvelist
added 2021/02/23 5:45 p.m., 19 views

CVE-2021-22651

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...

AI score 7.8, EPSS 0.02278
Exploits: 0, References: 3

NVD
added 2021/02/12 7:15 a.m., 12 views

CVE-2021-20644

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...

CVSS 6.1, EPSS 0.00317
Exploits: 0, References: 2

Cvelist
added 2021/02/12 6:15 a.m., 17 views

CVE-2021-20644

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...

AI score 6.7, EPSS 0.00317
Exploits: 0, References: 2

CVE
added 2021/02/12 6:15 a.m., 75 views

CVE-2021-20644

CVE-2021-20644 affects ELECOM WRC-1467GHBK-A. The vulnerability arises in the web setup page where displaying a specially crafted SSID can cause arbitrary scripts to execute in a user’s browser (cross-site scripting). The connected documents confirm the affected product and the impact as script e...

CVSS 6.1, AI score 6.5, EPSS 0.00317
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2021/02/04 12:00 a.m., 5 views

Luxion KeyShot path traversal vulnerability

Luxion KeyShot is a software for designing photos of 3D scenes from Luxion USA. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A path traversal vulnerability exists in the Luxion KeySh...

CVSS 7.8, AI score 7.2, EPSS 0.02278
Exploits: 0, References: 6