Automattic: Stored XSS in wordpress.com

Summary: Hello Team, I found the Stored XSS vulnerability in the Custom Style section, this vulnerability can result in an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, performing requests in the...

Stored Cross-Site Scripting Vulnerability in Palm QC App

Palm Qingcheng app is a smartphone-based city travel information query software. A stored cross-site scripting vulnerability exists in the "Feedback" section of the app. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in user hijackin...

Stored Cross-Site Scripting Vulnerability in Mythical Doctor App

The Mythical Doctor app is a leading doctor-patient type tool in the field of mobile health, dedicated to helping you build an online communication service between you and your doctor, and providing you with medicines to your home. A stored cross-site scripting vulnerability exists in the...

Stored Cross-Site Scripting Vulnerability in Hulu 3 Floor App

Hulu Man 3F APP is a player exchange community platform launched by Guangzhou Manju Network Technology Co. A stored cross-site scripting vulnerability exists in the "Feedback" section of Hulu Man 3F APP. An attacker can insert malicious js code into the page to obtain user cookies and other...

WordPress Usernoise Plugin 3.7.8 - Persistent XSS

Usernoise plugin is prone to a persistent XSS vulnerability, because the user input is not being properly handled when a feedback is submitted. The affected area is the Wordpress admin dashboard. The vulnerability accepts arbitrary codes, including JavaScript. And all JavaScript code is executed...