25 matches found

Vulnrichment
added 2025/12/16 12:0 a.m. · 1 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

5.6 AI score · 0.00024 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/12/16 12:0 a.m. · 1 views

PT-2025-51771

Name of the Vulnerable Software and Affected Versions: nopCommerce version 4.90.0 Description: The software contains a Cross Site Scripting (XSS) issue within the product management functionality. Malicious payloads entered into the "Product Name" and "Short Description" fields are saved in the backe...

6.1 CVSS · 5.7 AI score · 0.00024 EPSS
Exploits: 0 · References: 8
RedhatCVE
added 2025/12/13 8:7 a.m. · 2 views

CVE-2025-67730

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.4 CVSS · 6.4 AI score · 0.00025 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/12/12 7:23 a.m. · 1 views

EUVD-2025-203048

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.1 CVSS · 5.9 AI score · 0.00025 EPSS
Exploits: 0 · References: 2
CVE
added 2025/12/12 7:23 a.m. · 6 views

CVE-2025-67730

CVE-2025-67730 affects Frappe Learning Management System (LMS). Details across sources show that versions prior to 2.42.0 allow authenticated users to inject malicious HTML and JavaScript via description fields in the Job, Course, and Batch forms, leading to cross-site scripting (XSS). The issue ...

5.4 CVSS · 6 AI score · 0.00025 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/12/12 7:23 a.m. · 3 views

CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.1 CVSS · 6 AI score · 0.00025 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-1069

Malicious code in bioql PyPI...

9 CVSS · 8.8 AI score · 0.00193 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-19871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVE-2018-19871 Note that Nessus relies on the presence of the...

6.5 CVSS · 6.8 AI score · 0.00704 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/04/11 12:0 a.m. · 1 views

W. W. Norton InQuizitive Cross-Site Scripting Vulnerability

W. W. Norton InQuizitive is an online adaptive learning tool from W. W. Norton Company with an eTextbook and interactive videos designed to help students complete courses. A security vulnerability exists in W. W. Norton InQuizitive version 2025-04-08 and earlier, which stems from a vulnerability...

6.4 CVSS · 6 AI score · 0.00172 EPSS
Exploits: 1 · References: 3
Snyk
added 2025/03/31 2:45 a.m. · 1 views

Cross-site Scripting (XSS)

Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Name/Description fields. An attacker can inject malicious scripts by crafting input that is improperly sanitized. Details...

5.1 CVSS · 5.3 AI score
Exploits: 0 · References: 2
OSV
added 2024/09/17 2:15 p.m. · 12 views

CVE-2021-27915

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system...

9 CVSS · 6.1 AI score
Exploits: 0 · References: 1
Vulnrichment
added 2024/09/17 2:2 p.m. · 25 views

CVE-2021-27915 XSS Cross-site Scripting Stored (XSS) - Description field

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system...

7.6 CVSS · 6 AI score · 0.00193 EPSS
Exploits: 0 · References: 1
Veracode
added 2024/04/15 9:8 a.m. · 11 views

Cross-Site Scripting (XSS)

mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user inputs in the description fields. This can potentially lead to an attacker getting elevated access to the system...

9 CVSS · 6.2 AI score · 0.00193 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/03/11 12:0 a.m. · 1 views

PT-2024-21166 · Sourcecodester · Sourcecodester Insurance Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Insurance Management System version 1.0 Description: A Cross Site Scripting (XSS) issue allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket. This enables attackers to...

6.1 CVSS · 6.7 AI score · 0.0009 EPSS
Exploits: 0 · References: 4
Kitploit
added 2023/06/24 12:30 p.m. · 19 views

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

7.3 AI score
Exploits: 0 · References: 4
NVD
added 2023/02/03 6:15 p.m. · 12 views

CVE-2021-36538

Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...

5.4 CVSS · 5.2 AI score · 0.0018 EPSS
Exploits: 1 · References: 1
Prion
added 2023/02/03 6:15 p.m. · 10 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...

4.9 CVSS · 5.3 AI score · 0.0018 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2022/03/07 9:15 a.m. · 15 views

Cross site scripting

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using th...

3.5 CVSS · 5.3 AI score · 0.0018 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
WPVulnDB
added 2022/02/01 12:0 a.m. · 21 views

Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting

The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using the shortcode, as well as the Text...

5.4 CVSS · 1.4 AI score · 0.0018 EPSS
Exploits: 2 · Affected Software: 1
OSV
added 2021/08/30 7:15 a.m. · 0 views

CVE-2021-39111

The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such a...

6.1 CVSS · 6.5 AI score
Exploits: 0 · References: 1