178 matches found
CVE-2022-30776
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter...
CVE-2021-25035
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester Tailor Management 1.0 via the 1 eid parameter in a partedit.php and b customeredit.php, the 2 id parameter in a editmeasurement.php and b addpayment.php, and the 3 error parameter in index.php...
CVE-2021-42566
myfactory.FMS before 7.1-912 allows XSS via the Error parameter...
CVE-2021-42566
myfactory.FMS before 7.1-912 allows XSS via the Error parameter...
Cross site scripting
myfactory.FMS before 7.1-912 allows XSS via the Error parameter...
CVE-2021-42566
myfactory.FMS before 7.1-912 allows XSS via the Error parameter...
myfactory.FMS 跨站脚本漏洞
myfactory.FMS is a transaction management system. A cross-site scripting vulnerability exists in Myfactory.FMS that stems from the product's Error parameter failing to properly validate user input data. The vulnerability can be exploited to execute client-side code. The following products and...
CVE-2021-34650
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6...
eID Easy < 4.7 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2021-36381
In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logonerror= on the login screen of the Web application...
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
Auth0 跨站脚本漏洞
Auth0 is is an authentication agent that supports social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. The Auth0 Next.js SDK suffers from a cross-site scripting vulnerability that stems from the vulnerability to reflected XSS in versions 1.4.1 a...
CVE-2021-24196
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...
JIZHICMS Cross-Site Scripting Vulnerability
JIZHICMS Extreme CMS is an open source, free, commercial license-free website building system. A cross-site scripting vulnerability exists in Home/c/ErrorController.php in JIZHICMS 1.7.1. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via...
CVE-2019-5588
A reflected Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests...
CVE-2019-11398
Multiple cross-site scripting XSS vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon...
CVE-2019-11398
Multiple cross-site scripting XSS vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon...