97 matches found
CVE-2023-39676
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php...
CVE-2020-21643
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop...
HongCMS cross-site scripting vulnerability
HongCMS is an open source lightweight content management system (CMS). A cross-site scripting vulnerability exists in HongCMS version 3.0, which arises from the ability to run arbitrary code via the callback parameter of /ajax/myshop. An attacker can exploit this vulnerability to perform a cross-site...
PT-2023-11595 · Hongcms · Hongcms
Name of the Vulnerable Software and Affected Versions: HongCMS version 3.0. Description: The issue allows attackers to run arbitrary code via the callback parameter to the "/ajax/myshop" API endpoint. This enables attackers to execute malicious scripts, potentially leading to unauthorized access o...
SUSE CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results...
SUSE CVE-2015-8615
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ)...
SUSE CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...
CVE-2022-40002
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the callback parameter to /cms/notify...
PT-2022-25161 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1. Description: The issue allows remote attackers to run arbitrary code via the callback parameter to the "/cms/notify" API endpoint. This enables attackers to execute malicious scripts on the victim's browser, potentially...
CVE-2022-40002
FeehiCMS 2.1.1 is affected. The vulnerability allows an attacker to execute arbitrary scripts via the callback parameter to the /cms/notify API, leading to XSS and potential browser-based actions. Root cause: unvalidated callback handling in the notify endpoint. Affected component: FeehiCMS-2.1.1...
PT-2022-24174 · Unknown · Eolinker Apinto-Dashboard
Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard (affected versions not specified). Description: A problematic issue has been found, affecting an unknown function of the file /login. The manipulation of the callback argument leads to cross-site scripting. It is possib...
apinto-dashboard cross-site scripting vulnerability
apinto-dashboard is a visual UI project open-sourced by eolinker. apinto-dashboard has a security vulnerability that stems from an unknown function of the login; manipulation of the callback parameter leads to cross-site scripting...
PT-2022-24167 · Eolinker · Eolinker Apinto-Dashboard
Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard (affected versions not specified). Description: A problematic issue affects the processing of the file /login, where the manipulation of the callback argument leads to an open redirect. This issue can be initiated...
GHSA-PCHF-755W-JJ6V QooxDoo XSS in Callback Parameter
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
CVE-2022-1020
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...