186 matches found

CNNVD
added 2022/05/20 12:0 a.m., 1 views

WordPress plugin MC4WP cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MC4WP plugin 4.8.6 and earlier versions have a cross-site scripting vulnerability that can ...

CVSS 4.8, AI score 5.7, EPSS 0.00245
Exploits 0, References 3
Github Security Blog
added 2022/05/17 1:18 a.m., 25 views

Insecure cookie storage in Apache Atlas

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...

CVSS 6.1, AI score 6.1, EPSS 0.01019
Exploits 0, References 6, Affected Software 1
OSV
added 2022/05/17 1:18 a.m., 18 views

GHSA-WVMQ-W7M8-G9XM Insecure cookie storage in Apache Atlas

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...

CVSS 6.1, AI score 6.3, EPSS 0.01019
Exploits 0, References 6
CNNVD
added 2022/05/02 12:0 a.m., 4 views

WordPress plugin LifterLMS PayPal cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin...

CVSS 6.1, AI score 6.3, EPSS 0.00796
Exploits 2, References 3
CNNVD
added 2022/04/27 12:0 a.m., 3 views

Microweber cross-site scripting vulnerability

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber, which stems from the program's lack of checksum filtering of...

CVSS 6.3, AI score 5.7, EPSS 0.00345
Exploits 1, References 3
CNNVD
added 2022/03/16 12:0 a.m., 1 views

ArchivistaBox webclient cross-site scripting vulnerability

ArchivistaBox webclient is a personal file management system from the Swiss company Archivista. A cross-site scripting vulnerability exists in previous versions of ArchivistaBox webclient 2022/I, which stems from the program's lack of data validation filtering of user-supplied data and output. An...

CVSS 6.1, AI score 5.6, EPSS 0.0024
Exploits 1, References 3
CNNVD
added 2022/01/24 12:0 a.m., 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions prior to WordPress Plugin Simple Download Monitor 3.9.11, which stems fr...

CVSS 5.4, AI score 5.7, EPSS 0.0018
Exploits 2, References 2
CNNVD
added 2021/12/14 12:0 a.m., 1 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. The .htaccess Redirect plugin is a WordPress open source application plugin. The WordPress .htaccess Redirect...

CVSS 6.1, AI score 5.7, EPSS 0.0021
Exploits 0, References 3
CNNVD
added 2021/11/10 12:0 a.m., 3 views

Airangel Hsmx Gateway cross-site scripting vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK. It is used to manage authentication and billing in the network. A cross-site scripting vulnerability exists in versions of Airangel Hsmx Gateway prior to 5.2.04, which stems from a lack of data validation filtering of user-supplied data and...

CVSS 5.4, AI score 5.6, EPSS 0.00206
Exploits 1, References 3
CNNVD
added 2021/11/08 12:0 a.m., 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. Translate WordPress-Google Language Translator prior to version 6.0.12 suffers from a cross-site scripting vulnerability, which...

CVSS 4.8, AI score 5.6, EPSS 0.00206
Exploits 2, References 3
Packet Storm
added 2021/03/26 12:0 a.m., 350 views

GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS; Exploit Author: Abhishek Joshi; Date: March 25, 2021; Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download; Software Link:...

AI score 0.2
Exploits 0
NVD
added 2019/09/17 8:15 p.m., 17 views

CVE-2019-6835

A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...

CVSS 5.4, AI score 5.2, EPSS 0.00287
Exploits 0, References 1
Cvelist
added 2019/09/17 7:13 p.m., 17 views

CVE-2019-6835

A Cross-Site Scripting XSS CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...

AI score 5.2, EPSS 0.00287
Exploits 0, References 1
NVD
added 2019/09/09 9:15 p.m., 8 views

CVE-2019-16187

Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script...

CVSS 7.5, AI score 7.5, EPSS 0.00276
Exploits 0, References 2
Cvelist
added 2019/09/09 8:21 p.m., 9 views

CVE-2019-16187

Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script...

AI score 7.9, EPSS 0.00276
Exploits 0, References 2
Hacker One
added 2019/01/10 8:59 p.m., 23 views

OLX: XSS - main page - search[user_id] parameter

Hi, how you doing? This is a pretty straightforward XSS in the main page. Affected parameter: searchuserid Direct Link: https://www.olx.pt/braga/?searchuserid=1zqjeu'":/1zqjeu;9, ;prompt9;&view=galleryWide Tested in updated firefox. Impact XSS allows an intruder to inject html and client side...

AI score 6.1
Exploits 0
Exploit DB
added 2019/01/09 12:0 a.m., 90 views

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Exploit Title: Reflected Cross-Site Scripting on ZTE MF65; Date: 01/09/2019; Exploit Author: Nathu Nandwani; Website: http://nandtech.co/; Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483; Version: BDHDV6MF65V1.0.0B05; Tested on: Windows 10 x64; CVE:...

CVSS 6.1, AI score 6.5, EPSS 0.00957
Exploits 4
OSV
added 2018/11/09 5:46 p.m., 0 views

GHSA-FWX5-5FQJ-JV98 Cross-Site Scripting in morris.js

Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits 0, References 4
Vulnerability Lab
added 2018/07/17 12:0 a.m., 18 views

Barracuda Cloud Control v3.020 - CS XSS Web Vulnerability

Document Title: Barracuda Cloud Control v3.020 - CS XSS Web Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=662; Release Date: 2018-07-17; Vulnerability Laboratory ID VL-ID: 6...

AI score 7.4
Exploits 0
Prion
added 2017/11/17 3:29 a.m., 13 views

Cross site scripting

InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site...

CVSS 3.5, AI score 5.2, EPSS 0.00298
Exploits 1, References 1, Affected Software 1