GHSA-WFQ5-QGQP-HVHV Unauthenticated Reflected XSS via innerHTML in AVideo

Summary AVideo contains a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's jsonencode into a JavaScript function that renders it via innerHTML, bypassing encoding and...

EUVD-2018-10899

Malware in sbrugna...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errorMsg parameter in the /xxl-sso-server/login process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request. Details Cross-site...

kkFileView 跨站脚本漏洞

Keking kkFileView is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews of files and documents. A security vulnerability exists in kkFileView v4.1.0, which stems from the errorMsg parameter being vulnerable to cross-site scripting...

PYSEC-2020-212

Multiple cross-site scripting XSS vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the 1 @okmessage or 2 @errormessage parameter to issue...

CVE-2019-12581

A reflective Cross-site scripting XSS vulnerability in the freetimefailed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter...

CVE-2018-19190

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php errormsg parameter...

PAYFORT payfort-php-SDK cross-site scripting vulnerability

PayFort is an online payment gateway. payfort-php-SDK is the PayFort payment gateway SDK. A cross-site scripting vulnerability exists in Amazon PAYFORT payfort-php-SDK on 2018-04-26 and earlier versions, which can be exploited by an attacker via the error.php errormsg parameter to conduct a...

drfrostmaths.com XSS vulnerability

Open Bug Bounty ID: OBB-621125 Description| Value ---|--- Affected Website:| drfrostmaths.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

myBloggie 2.1.2/2.1.3 addcat.php errormsg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...