14 matches found
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...
Improper Encoding Or Escaping Of Output
MotionEye is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to unsanitized user input in configuration parameters being written to configuration files, which allows an attacker to execute arbitrary commands when the service is restarted...
EUVD-2023-1924
Malicious code in bioql PyPI...
CVE-2024-5429
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Auto iFrame 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin The Plus Addons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Improper Encoding Or Escaping Of Output
php81 is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to insufficient escaping when using the procopen command with array syntax, allowing malicious users to execute arbitrary commands in the Windows shell by supplying controlled arguments...
CVE-2023-46734
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use issafe=html but don't actually ensure their input is safe. As of...
GHSA-G4VP-M682-QQMP OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Impact OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata...
WordPress plugin PPWP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
TD Bank: Reflected XSS on Admin Login Page
When you try to access private pages on the domain https://td.intelliresponse.com/a6 you are redirected to a login page, which has reflected values in the DOM from the URL on the parameter 'win'. Once there is no proper handle for the data reflected, it turns out into a vulnerable path on the...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...
Reflected XSS Vulnerability in the Feed Builder
---- Input in the Feed Builder is not properly handled. Insert: code "alert'Gotcha!' code as the feed name title and you get url like this:...