15 matches found
EUVD-2023-1990
Malicious code in bioql PyPI...
GHSA-7J6X-42MM-P7JM Zinc Cross-site Scripting vulnerability
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user’...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the delete template to perform an XSS, e.g. by using a URL such as:...
CVE-2023-35156 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the delete template to perform an XSS, e.g. by using a URL such as:...
CVE-2023-35156 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the delete template to perform an XSS, e.g. by using a URL such as:...
CVE-2023-35156
XWiki Platform contains a cross-site scripting (XSS) vulnerability in the delete.vm path, exploitable via a crafted URL parameter (xredirect) in the delete template. The issue affects XWiki since 6.0-rc-1 and is demonstrated by payloads like xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=de...
Zinc Delete Template Function Cross-Site Scripting Vulnerability
Zinc is a full-text indexing search engine open sourced by Zinc Labs. Zinc versions v0.1.9 through v0.3.1 have a cross-site scripting vulnerability that can be exploited by attackers to obtain sensitive information such as user credentials...
Cross-site Scripting (XSS)
Zinc is vulnerable to cross-site scripting. The vulnerability exists due to the delete template functionality in User.vue incorrectly escaping the id attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload...
CVE-2022-32172
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user’...
CVE-2022-32172
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user’...
Cross site scripting
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user’...
CVE-2022-32172 Zinc - Cross-Site Scripting
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with an XSS payload in the name field, the JavaScript payload will be executed and allow an attacker to access the user’...
PT-2022-21135 · Zinc · Zinc
Name of the Vulnerable Software and Affected Versions: Zinc versions v0.1.9 through v0.3.1. Description: The issue concerns Stored Cross-Site Scripting in Zinc when using the delete template functionality. If an authenticated user deletes a template with an XSS payload in the name field, the...
CVE-2020-3413
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for request...
CVE-2020-10492
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request...