52 matches found

RedhatCVE
added 2025/05/22 4:15 a.m., 5 views

CVE-2014-5198

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

CVSS 4.3 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 1

Veracode
added 2025/03/04 2:26 a.m., 5 views

Arbitrary IRC Command Execution

matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...

CVSS 4.3 | AI score 8 | EPSS 0.0075
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2025/02/11 6:31 p.m., 7 views

Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 5.2 | EPSS 0.01321
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2024/12/10 8:42 p.m., 12 views

CVE-2024-54039 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4 | EPSS 0.00493
Exploits: 0 | References: 1

Cvelist
added 2024/06/13 12:00 a.m., 17 views

CVE-2023-35859

A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters...

EPSS 0.00362
Exploits: 0 | References: 1

Veracode
added 2024/05/28 7:08 a.m., 11 views

Remote Code Execution (RCE)

mocodo is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation at /web/rewrite.php, which allows an attacker to inject and execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.02168
Exploits: 1 | References: 2 | Affected Software: 1

0day.today
added 2024/04/02 12:00 a.m., 368 views

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS); Exploit Author: Yevhenii Butenko; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html; Version: 1.0; Tested on: Debian...

CVSS 6.1 | AI score 7.1 | EPSS 0.33585
Exploits: 4

RedHat Linux
added 2024/02/26 2:21 a.m., 2 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

CVSS 6.1 | AI score 7.3 | EPSS 0.00291
Exploits: 1 | References: 6

Packet Storm
added 2023/06/30 12:00 a.m., 324 views

Availability Booking Calendar 1.8 Cross Site Scripting

AI score 7.1
Exploits: 0

CNNVD
added 2023/06/26 12:00 a.m., 1 view

Trend Micro Apex Central Cross-Site Scripting Vulnerability

Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...

CVSS 6.1 | AI score 5.9 | EPSS 0.01062
Exploits: 0 | References: 3

Huntr
added 2023/06/24 5:14 p.m., 13 views

Stored XSS

Description: The application contains a stored XSS vulnerability, which allows an attacker to inject and execute malicious scripts within the application. The vulnerability occurs due to improper input validation and output encoding mechanisms, which fail to adequately sanitize and encode...

AI score 6.5
Exploits: 0

Packet Storm
added 2023/06/22 12:00 a.m., 355 views

Hospital Management System 1.0 Cross Site Scripting

AI score 7.1
Exploits: 0

Veracode
added 2023/02/03 2:02 a.m., 26 views

Remote Code Execution (RCE)

uflo-core is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the improper user input validation in the eval function of ExpressionContextImpl.java, allowing an attacker to inject and execute malicious commands...

CVSS 9.8 | AI score 9.4 | EPSS 0.03741
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2023/01/27 11:15 p.m., 1 view

UBUNTU-CVE-2022-39324

Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...

CVSS 6.7 | AI score 6.7 | EPSS 0.00185
Exploits: 0 | References: 7

Veracode
added 2023/01/05 7:22 a.m., 145 views

Prototype Pollution

json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named __proto__, which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...

CVSS 8.8 | AI score 8.6 | EPSS 0.44079
Exploits: 1 | References: 9 | Affected Software: 7

Github Security Blog
added 2022/12/13 5:50 p.m., 49 views

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary: There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. Versions affected: ALL. Not affected: NONE. Fixed versions: 1.4.4. Impact: A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...

CVSS 7.2 | AI score 6.5 | EPSS 0.00172
Exploits: 1 | References: 7 | Affected Software: 1

CNNVD
added 2022/09/08 12:00 a.m., 2 views

cruddl Security Vulnerability

cruddl is an open source library from AEB Germany. It is used to create a GraphQL API for your database, using GraphQL SDL for your architecture modeling. cruddl has a security vulnerability that an attacker can use to inject arbitrary AQL queries; these queries will be...

CVSS 9.9 | AI score 8.3 | EPSS 0.0103
Exploits: 0 | References: 4

Veracode
added 2022/06/27 11:16 a.m., 27 views

Information Disclosure

kgexplore is vulnerable to information disclosure. An attacker can inject and execute malicious code through the request package and gain access to sensitive user information and digital currency keys...

CVSS 9.8 | AI score 8.9 | EPSS 0.00734
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2022/04/22 3:15 p.m., 13 views

Code injection

An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker...

CVSS 4.3 | AI score 6.8 | EPSS 0.00181
Exploits: 0 | References: 1

Veracode
added 2021/08/10 4:00 a.m., 8 views

Prototype Pollution

open-graph is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

CVSS 9.8 | AI score 6.6 | EPSS 0.00432
Exploits: 1 | References: 1 | Affected Software: 1