2672 matches found
Stored XSS in Task field
Description The application Titra is vulnerable to Stored XSS in Task field. Steps To Reproduce 1. Click on add Track button 2. In the Task field enter the payload " 3. click save 4. Now Click on Details 5. XSS will be triggered Image PoC...
CVE-2020-36524 Refined Toolkit UI-Image/UI-Button cross site scripting
A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publ...
CVE-2020-36524
CVE-2020-36524 concerns Refined Toolkit (Confluence) with a cross-site scripting vulnerability in the UI-Image/UI-Button component. Connected sources confirm the issue can be triggered remotely and that the exploit has been disclosed publicly. CNNVD cites a specific version (Refined Toolkit for C...
OPENSUSE-SU-2022:0156-1 Security update for opera
This update for opera fixes the following issues: Update to 87.0.4390.25: - CHR-8870 Update chromium on desktop-stable-101-4390 to 101.0.4951.64 - DNA-99209 Enable easy-files-multiupload on all streams - DNA-99325 Use a preference to set number of recent searches and recently closed in unfiltered...
GHSA-WV63-GWR9-5C55 Stored XSS vulnerability in Jenkins button labels
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI. This results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the...
GHSA-M497-HQ5X-6JCV Mattermost Server allows attackers to create buttons that can launch API requests
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...
Mattermost Server allows attackers to create buttons that can launch API requests
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...
WordPress Like Button Rating LikeBtn plugin <= 2.6.44 - Arbitrary e-mail Sending vulnerability
Arbitrary e-mail Sending vulnerability discovered by Krzysztof Zając in WordPress Like Button Rating LikeBtn plugin versions <= 2.6.44. Solution: Update the WordPress Like Button Rating LikeBtn plugin to the latest available version at least 2.6.45...
CVE-2022-1455
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...
CVE-2022-1217
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
Cross site scripting
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...
CVE-2022-1455 Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...
CVE-2022-1455
The CVE-2022-1455 entry concerns the WordPress Call Now Button plugin prior to version 1.1.2, where a parameter output into a hidden input attribute is not escaped, enabling Reflected Cross-Site Scripting. The vulnerability affects versions before 1.1.2; the root cause is failure to escape user-c...
WordPress plugin Custom TinyMCE Shortcode Button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Custom TinyMCE Shortcode Buttons plugin version 1.1 and earlier is vulnerable to a...
WordPress plugin Call Now Button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior ...
Bolt Cross-site Scripting (XSS) via text input click preview button
Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry...
GHSA-QPG9-83FV-X9CH Improper Neutralization of Input During Web Page Generation in Jenkins
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names...
kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to...
Video Conferencing Apps Sometimes Ignore the Mute Button
New research: "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps": Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces -- bedrooms, living rooms, and kitchens -- into semi-public extensions of the office. And...
CVE-2022-27854
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpttestpagesubmitbuttoncaption parameter...