100 matches found
CVE-2024-13031
The CVE-2024-13031 affects Antabot White-Jotter up to version 0.2.2. Affected component: /admin/content/editor in the Article Content Editor. Root cause: cross-site scripting due to an issue in the editor’s handling, enabling remote exploitation. The vulnerability is publicly disclosed and can be...
White-Jotter 代码注入漏洞
White-Jotter is an Antabot personal developer's front-end and back-end separation project using Vue+Spring Boot development, comes with a full set of development tutorials. Antabot White-Jotter 0.2.2 and earlier versions have a code injection vulnerability that originates from the component artic...
PT-2024-21326 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.103 Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 Liferay DXP versions 2023.Q3.1 through 2023.Q3.5 Liferay DXP versions 7.4 GA through update 92 Liferay DXP versions 7.3 update 29 through update ...
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...
CVE-2023-29998
A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...
CVE-2023-29998
CVE-2023-29998 affects Gis3W g3w-suite 3.5: a Cross-site Scripting (XSS) vulnerability in the content editor where the description parameter can be exploited by remote authenticated users to inject arbitrary script/HTML and potentially gain privileges. Base CVSS v3.1: 5.4 (Medium) with network ve...
CVE-2023-29998
A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...
CVE-2023-29998
A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...
PT-2023-22510 · Unknown · Gis3W G3W-Suite
Name of the Vulnerable Software and Affected Versions: Gis3W g3w-suite version 3.5 Description: A Cross-site scripting XSS vulnerability in the content editor allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter. Recommendation...
GHSA-J696-6M57-MCRV Silverstripe CMS XSS Vulnerability
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
The vulnerability of the Advanced Tab for Dialogs plugin of the CKEditor editor allows a hacker to manipulate the content of the address bar.
The vulnerability of the Advanced Tab for Dialogs plugin for the CKEditor editor is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to manipulate the content of the address bar remotely...
Cross-site Scripting in LaraCMS
LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
GHSA-M72G-42Q6-GVC2 Cross-site Scripting in LaraCMS
LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
CVE-2020-20129
LaraCMS v1.0.1 contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
Cross site scripting
LaraCMS v1.0.1 contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48497)
CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
CMS Made Simple 跨站脚本漏洞
CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
UBUNTU-CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
ImpressCMS: Download full backup and Cross site scripting
A backup zip file was still left on the server, which was removed. Moreover, an old unused content editor was still left and could be used by a malicious user. The unused editor has been removed as well...
CVE-2020-9743
AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An...