265 matches found
GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename
Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side XSS Details On that snippet code of rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...
Cross site scripting
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the...
PYSEC-2023-264
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the...
PT-2023-27549 · Joomla · Extplorer
Name of the Vulnerable Software and Affected Versions: Extplorer component for Joomla affected versions not specified Description: A reflected XSS issue was discovered in the Extplorer component for Joomla. This issue allows for the execution of malicious scripts on the client-side, potentially...
PT-2023-24580
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.1.0 through 7.4.3.12 Liferay DXP versions 7.1.0 through 7.1 before fix pack 27 Liferay DXP versions 7.2.0 through 7.2 before fix pack 18 Liferay DXP versions 7.3.0 through 7.3 before update 4 Liferay DXP versions 7.4....
Progress ipswitch WS_FTP Server 跨站脚本漏洞
Progress ipswitch WSFTP Server is an FTP server software. A security vulnerability exists in Progress ipswitch WSFTP Server version 8.6.0 that originates from improper handling of user-supplied input. An attacker could exploit the vulnerability to execute malicious code and commands on the client...
Cross site scripting
Erxes, an experience operating system XOS with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...
CVE-2022-42967
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...
PT-2022-8622 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.0.8 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the lang attribute of an HTML tag. This enables attackers to execute malicious scripts on the client-side, potentially...
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references. Original Description Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript...
CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...
MTN Group: Reflected - XSS
The Reflected XSS vulnerability was discovered on the website www.mtn.bj. The vulnerability was triggered by entering a malicious payload in the Messages section, which resulted in the execution of the payload on the client-side...
Stored cross site scripting
Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...
Stored Cross Site Scripting (Network Maps Editor functionality)
Description Hello Team, Hope you are doing well. I have found a stored cross-site scripting vulnerability in the network maps edit functionality. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...
CVE-2022-35554
Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...
PT-2022-15844 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for cross-site scripting XSS attacks via the appHandler in a deep link within an e-mail message. This can potentially lead to malicious script execution on the client-side...
IBM Engineering Lifecycle Optimization 跨站脚本漏洞
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...
Jenkins Plugin Deployment Dashboard 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
Admidio 跨站脚本漏洞
Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A cross-site scripting vulnerability exists in Admidio version 4.1.2, which stems from the program's lack of checksum filtering of...