18 matches found
EUVD-2024-55555
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
CVE-2024-58344
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
PT-2026-34455
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...
Carbon-Forum Cross-Site Scripting Vulnerability
Carbon-Forum is a high-performance open-source forum software developed by Canbin Lin. Version 5.9.0 of Carbon-Forum contains a cross-site scripting vulnerability. This vulnerability stems from a stored cross-site scripting flaw, which could allow authenticated administrators to inject malicious...
Cross-site Scripting (XSS)
Overview: Kentico.Xperience.Libraries.Web.UI is a set of runtime assemblies for Web Forms applications that use the Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SaveUserSpecificDashboardSettings method in the UserSettingsJsonDashboardItemsLoader...
EUVD-2024-16644
Malicious code in bioql PyPI...
CVE-2023-23628
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the...
CVE-2020-8825
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS...
CVE-2022-2765
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit ha...
Company Website CMS Access Control Error Vulnerability
Company Website CMS is a company website CMS by the individual developer Torrahclef. Company Website CMS 1.0 has an access control error vulnerability that affects an unknown function of the file /dashboard/settings, resulting in incorrect authentication and an attack that...
fauzantrif eLection Cross-Site Scripting Vulnerability
fauzantrif eLection is a web-based election system. A cross-site scripting vulnerability exists in fauzantrif eLection 2.0. The vulnerability can be exploited to conduct a cross-site scripting attack via the Admin Dashboard - Settings - Election - "message if election is closed" field...
Cross site scripting
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript through the content, url and name parameters under the Dashboard settings. This CVE ID is different from CVE-2018-18623 and CVE-2018-18624...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript through the content, url and name parameters under the Dashboard settings. This CVE ID is different from CVE-2018-18624 and CVE-2018-18625...
CVE-2015-5611
Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related ...
Free Reprintables ArticleFR Cross-Site Scripting Vulnerability
ArticleFR is an article directory and content catalog system. Multiple cross-site scripting vulnerabilities exist in Free Reprintables ArticleFR version 3.0.6, which stem from the dashboard/settings/categories/ URI not sufficiently filtering the 'name' parameter, the dashboard/settings/links/ URI...
Supr Shopsystem 5.1.0 - Persistent UI Vulnerability
Exploit for php platform in category web applications. Product & Service Introduction: SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. Without installation and own webspace you can begin to...
Supr Shopsystem - Persistent UI Vulnerability
Document Title: Supr Shopsystem - Persistent UI Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1353. Release Date: 2014-11-07. Vulnerability Laboratory ID (VL-ID): 1353. Common...