15 matches found
Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)
Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...
GHSA-6JQ6-X4CX-QVCM Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)
Summary The Twig template resources/views/list/ale.twig renders the piggy bank name from AuditLogEntry.after.piggy using the |raw filter, bypassing Twig's auto-escaping. A piggy bank created with an HTML payload in its name executes arbitrary JavaScript in any browser viewing that transaction's...
EUVD-2015-8562
Malware in sbrugna...
Web-School ERP 跨站脚本漏洞
Web-School ERP is an application from Web-School India, Inc. An ERP application. A cross-site scripting vulnerability exists in School ERP Pro+Responsive version 1.0, which originates from a cross-site scripting vulnerability in the /schoolerp/officeadmin/ page for the esbankacc, esbankname,...
PHP Scripts Mall PHP Template Store Script Cross-Site Scripting Vulnerability
PHP Scripts Mall PHP Template Store Script is a set of scripts for selling website templates online by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall PHP Template Store Script version 3.0.6. The vulnerability can be exploited by a remote attacker to inject...
CVE-2018-14869
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...
CVE-2018-14869
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...
PT-2018-12770 · Php · Php Template Store Script
Name of the Vulnerable Software and Affected Versions: PHP Template Store Script version 3.0.6 Description: The issue allows for cross-site scripting XSS attacks through specific fields in a user's profile, including the Address line 1, Address Line 2, Bank name, or A/C Holder name field...
Cross-site Scripting
dolibarr is vulnerable to cross-site scripting attacks. The attack exists because it does not correctly filter the "url" field through the external calendar or 2 the bank name field in the "import external calendar" page, allowing the attacker to inject arbitrary script through them...
Multiple Cross-Site Scripting Vulnerabilities in Dolibarr ERP/CRM
Dolibarr ERP/CRM is the software that manages your company's business information. Multiple cross-site scripting vulnerabilities in Dolibarr ERP/CRM 3.8.3 and prior versions allow remote attackers to inject arbitrary web script or HTML via the url of an external calendar or the "Import External...
CVE-2015-8685
Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...
CVE-2015-8685
Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...
UBUNTU-CVE-2015-8685
Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...
CVE-2015-8685
Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...