9 matches found
GHSA-37FQ-47QJ-6J5J YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"
Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...
CVE-2026-29106 SuiteCRM has blind XSS in return_id parameter
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the value of the returnid request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
CVE-2024-34070
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...
Linux Distros Unpatched Vulnerability : CVE-2019-14881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. CVE-2019-14881 Note th...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
Cross site scripting
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
Crafter CMS Cross-Site Scripting Vulnerability
Crafter CMS is an open source content management system CMS for digital experience applications. A cross-site scripting vulnerability exists in Crafter CMS Crafter Studio version 3.0.1, which allows an attacker to exploit the vulnerability to be able to inject malicious JavaScript code, leading t...