16 matches found
Endian Firewall Cross-Site Scripting Vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the NAME parameter of Endian Firewall. It stems from improper sanitization of the NAME parameter input in /cgi-bin/uplinkeditor.cgi, and can be exploited by an attacker to...
EUVD-2013-7053
Malware in sbrugna...
Inilabs School Express Security Vulnerability
Inilabs School Express is a school management software from Inilabs Bangladesh. A security vulnerability exists in Inilabs School Express version 6.2. It stems from insufficient sanitization and encoding of the POSTed editor parameter in the content management functionality, which could lead to a...
CVE-2025-54172
QuickCMS is vulnerable to Stored XSS in the sTitle parameter in the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. Regular admin user is not able to inject any JS scripts into th...
GHSA-J9H5-VCGV-2JFM XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Impact: It's possible to execute JavaScript with the rights of any user by leading them to a special URL on the wiki targeting a page which contains an attachment. To reproduce: add an attachment to a page (for example, your user profile), add...
GHSA-5P84-MMH9-PXGR Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter...
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter...
CVE-2020-19698
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter...
CVE-2020-19698
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter...
CVE-2023-27131
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Post Editor parameter...
CVE-2021-42564
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers with permission to provide confidential messages via Cryptshare to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' substring in the editor parameter...
SQL injection vulnerability in ZZCMS jsout/hit.php file
ZZCMS is an enterprise website builder written in PHP. An SQL injection vulnerability exists in the ZZCMS jsout/hit.php file. It is caused by the failure to effectively filter the editor parameter, which allows an attacker to obtain sensitive database information...
ZOHO ManageEngine SupportCenter Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine SupportCenter Plus is a customer service support management software from ZOHO USA. The software provides help desk, customer management, service level management and tracking of customer requests. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Pl...
Directory traversal
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter...
CVE-2008-1229
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b...
Remote file inclusion
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editorinserttop parameter. NOTE: the editorinsertbottom vector is already covered by CVE-2006-6042...