2993 matches found
CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2019-14840
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials...
CVE-2019-14840
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials...
CVE-2019-14840
The CVE-2019-14840 entry concerns Red Hat Decision Manager (RHDM). A flaw allows sensitive HTML form fields (e.g., password) to have auto-complete enabled, potentially leaking credentials. Documented impact is confidentiality loss (C:H) with no impact to integrity/availability, and CVSS v3.1 base...
CVE-2022-34021
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
CVE-2022-34021
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
Cross site scripting
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
CVE-2022-34021
Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...
Ublsoftware ResIOT 跨站脚本漏洞
Ublsoftware ResIOT is a web server and IoT platform from Italian company ResIOT. A security vulnerability exists in Ublsoftware ResIOT versions prior to 4.1.1000114, which stems from an attacker being able to implement multiple cross-site scripts via form fields...
GHSA-5M55-G8PV-X8WW Magento stored Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
GHSA-RG7P-WMGJ-F374 Magento stored Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
Magento stored Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
Magento stored Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
Cross site scripting
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
PT-2022-4385 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could allow an...
PT-2022-4399 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to the lack of protection of the web page structure, which can be exploited ...
CVE-2022-30611
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page whic...
CVE-2022-1569
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...
CVE-2022-1569
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...
Cross site scripting
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...