Embedded Malicious Code

Overview art-template is a simple and superfast templating engine that optimizes template rendering speed by scope pre-declared technique, hence achieving runtime performance which is close to the limits of JavaScript. At the same time, it supports both NodeJS and browser. Affected versions of th...

EUVD-2025-209831

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

Stored Cross Site Scripting at FAQ Answer

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

Stored XSS in Properties Parameter

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

Cross Site Scripting (XSS) in Assets

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

Vditor Cross-site Scripting vulnerability

Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting XSS. For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue...

Cross site scripting

Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting XSS. For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue...

Cross-site Scripting (XSS) - Generic in projectsend/projectsend

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

Cross-site Scripting (XSS) - Reflected in dmpop/mejiro

Description From OWASP : : Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script...

Node.js third-party modules: [min-http-server] Stored XSS in the filename when directories listing

I would like to report Stored XSS in module "min-http-server". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: min-http-server version: 1.0.6 npm page:...

Cross site scripting

Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/studentportal/home.php. The affected versions are eMLi...

phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path

Exploit for php platform in category web applications ======================================================= phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path ======================================================= Exploit Title: phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path...

Blog System 1.5 - Multiple Vulnerabilities

Blog System 1.5 - Multiple Vulnerabilities Exploit Title: Blog System | www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ | http://www.netartmedia.net/blogsystem/demo.html Version: = 1.5 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of...