2994 matches found
Saad Irfan RemoteClinic 跨站脚本漏洞
Saad Irfan RemoteClinic is a Saad Irfan open source application. Provides the ability to remotely manage your clinic via the web. A security vulnerability exists in Saad Irfan RemoteClinic v2.0 that allows an attacker to perform code execution using multiple parameters. The affected parameters ar...
CVE-2021-36063
Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing th...
CVE-2021-36027
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...
Cross site scripting
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...
DRK Odenwaldkreis Testerfassung Cross-Site Scripting Vulnerability
DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and recording rapid test results for corona antigens.A cross-site scripting vulnerability exists in DRK Odenwaldkreis Testerfassung March-2021, which can be exploited by attackers to inject arbitrary web script or HTML via a...
CVE-2021-35061
Multiple cross-site scripting XSS vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...
CVE-2021-35061
Multiple cross-site scripting XSS vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...
CVE-2021-35061
Multiple cross-site scripting XSS vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...
CVE-2021-28628
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2021-28625
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2021-28625
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
Cross site scripting
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
Cross site scripting
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2021-36062
Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...
Cross site scripting
AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
CVE-2021-21084 Adobe Experience Manager stored cross-site scripting vulnerability in resource resolver factory could lead to arbitrary code execution
AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
Input validation
The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to...
CVE-2021-24250
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin...
CVE-2021-24250 Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin...
Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
The plugin suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. PoC Log on as an admin, create or edit a Form Field wp-admin/admin.php?page=wpbdpadminformfields and set the Field Label...