Lucene search

9 matches found

Snyk
added 2026/05/07 5:35 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: krayin/laravel-crm is a hand-tailored CRM framework built on some of the hottest open-source technologies, such as Laravel (a PHP framework) and Vue.js (a progressive JavaScript framework). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized input in th...

CVSS 6.1 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 2
Positive Technologies
added 2026/03/29 12:0 a.m. · 1 view

PT-2026-28615

Name of the Vulnerable Software and Affected Versions: njzjz/wenxian (affected versions not specified). Description: A command injection flaw exists in a GitHub Actions workflow due to the direct use of untrusted user input from issue comment.body within a shell command. The workflow is triggered by...

CVSS 9.8 · AI score 6.2 · EPSS 0.00078
Exploits: 1 · References: 7
NVD
added 2026/02/19 1:16 p.m. · 3 views

CVE-2019-25403

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browse...

CVSS 6.4 · EPSS 0.00013
Exploits: 1 · References: 4
Vulnrichment
added 2026/02/19 12:2 p.m. · 3 views

CVE-2019-25403 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admin_profiles

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browse...

CVSS 6.4 · AI score 5.3 · EPSS 0.00013
Exploits: 1 · References: 4
Positive Technologies
added 2024/05/20 12:0 a.m. · 2 views

PT-2024-40250 · Passbolt · Passbolt

Name of the Vulnerable Software and Affected Versions: Passbolt (affected versions not specified). Description: The issue allows a user to inject bash code during the installation stage of Passbolt, as the system does not perform escaping or verification on the input provided for the username, e-mai...

CVSS 8.1 · AI score 7.1
Exploits: 0 · References: 5
CNNVD
added 2023/08/08 12:0 a.m. · 2 views

TOTOLINK T10 Buffer Error Vulnerability

TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10v2 version 5.9c.5061B20200511, which originates from the comment parameter in the setStaticDhcpConfig of /lib/cstemodules/lan.so that fails to correctly...

CVSS 9.8 · AI score 8.1 · EPSS 0.00429
Exploits: 1 · References: 4
Cvelist
added 2017/07/18 5:0 a.m. · 15 views

CVE-2017-11414

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/appcomment/syscomment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']...

AI score 10 · EPSS 0.00271
Exploits: 0 · References: 1
Packet Storm
added 2011/03/16 12:0 a.m. · 22 views

b2evolution 4.0.3 Cross Site Scripting

Software: b2evolution 4.0.3
Vulnerability: Persistent Cross-site Scripting
Threat Level: Moderate 2/5
Download: http://b2evolution.net/
Vendor Contact Date: 3/15/2011...

AI score 7.4
Exploits: 0
Packet Storm
added 2006/06/21 12:0 a.m. · 30 views

apnaspace.txt

Apnaspace.com: A MySpace-type site for Arab & Indian teens. Homepage: http://www.http://www.apnaspace.com Affected files: Comment input box; Posting a blog entry (Entry title, Entry body); Viewing a profile; Posting a bulletin; Commenting on a picture; Sending mail to someone...

AI score 7.4
Exploits: 0