142 matches found
CVE-2022-37679
Miniblog.Core v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field...
madskristensen Miniblog.Core 跨站脚本漏洞
madskristensen Miniblog.Core is a blogging engine built on ASP.NET Core. A security vulnerability exists in madskristensen Miniblog.Core v1.0, which allows attackers to execute arbitrary web script or HTML by injecting a crafted payload into the Excerpt field via the /blog/edit component...
PT-2022-24038 · Unknown · Miniblog.Core
Name of the Vulnerable Software and Affected Versions: Miniblog.Core version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field in the "/blog/edit" API endpoint. This enables the execution of malicious code on...
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...
WordPress plugin 安全漏洞
WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress plugin, which originates in Beaver Themer, and can be exploited by an attacker to bypass conditional logic controls used to hide content when viewing a post archive, utilizing the...
CVE-2021-28002
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
Textpattern Cms 跨站脚本漏洞
Textpattern Cms is a Php-based content management system from the Textpattern team. Textpattern CMS suffers from a cross-site scripting vulnerability that stems from a persistent cross-site scripting vulnerability found in the excerpt parameters of Textpattern CMS 4.9.0. An attacker could exploit...
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
Cross site scripting
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. WordPress has a security vulnerability that...
Textpattern CMS 4.9.0-dev Cross Site Scripting
Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...
Textpattern CMS 4.9.0-dev - (Excerpt) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...
Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
Design/Logic Flaw
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt...
CVE-2016-10970
CVE-2016-10970 affects the WordPress plugin SupportFlow ; it is a stored XSS vulnerability in the ticket excerpt. The issue is present in plugin versions before 0.7. No exploitation details are provided in the documents. Remediation, as implied, is to upgrade to 0.7 or later (the fix version is n...
Easy Custom Auto Excerpt <= 2.4.6 - XSS
The Easy Custom Auto Excerpt WordPress plugin was affected by a XSS security vulnerability...