8 matches found
CVE-2024-1341
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...
PT-2022-27054 · Unknown · Browsershot
Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.3 Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to...
Malicious code in external-js-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c06d2f4db7e9efc9676f195c4794c9b02fb52e277ad85db8059db8803081e15 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2940 Malicious code in external-js-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c06d2f4db7e9efc9676f195c4794c9b02fb52e277ad85db8059db8803081e15 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Arbitrary File Inclusion
kibana is vulnerable to arbitrary file inclusion attacks. The vulnerability exists through the Kibana Console API where a request can be sent to include external JS files which could possibly result in executing arbitrary commands...
Neatly bypassing CSP
How to trick CSP into letting you run whatever you want. By bo0om, Wallarm research. Content Security Policy (CSP) is a built-in browser technology that helps protect against attacks such as cross-site scripting (XSS). It lists and describes the paths and sources from which the browser can safely load...
Taobao decoration can reference external js file - bug warning - the black bar safety net
The JS filter on the Taobao shop decoration page is not strict, so a user can reference an external JS file and thereby obtain other Taobao users' cookies, modify their own shop reviews, item sales counts and the like. On a Taobao decoration page that has a background image uploaded, as long as Firebug is used to...
Ecshop 2.7.2 persistent XSS (can obtain administrator account)
Brief description: When editing a personal profile, the JavaScript code filtering is not strict enough, so XSS code goes straight into the database. Detailed description: The "password protection question" field is not filtered with a regular expression, while all the other fields are. We can enter XSS in the password protection question, but the backend member profile view does not display the password protection question, so this only works once the site backend has added a new "member registration item"; after that the backend profile view will display it. Here, enter a piece of code that includes an external js: " The contents of the external test.js file are as follows: Ajax.call('privilege.php?act=update','id=1&username=heihei&[email protected]','',"POST","JSON"); Proof of vulnerability:...