
206 matches found

Vulnrichment
added 2023/07/16 4:31 p.m. · 9 views

CVE-2023-3691 layui HTML Attribute cross site scripting

A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...

CVSS 4 · AI score 6 · EPSS 0.0048
Exploits 1 · References 4

Cvelist
added 2023/07/16 4:31 p.m. · 20 views

CVE-2023-3691 layui HTML Attribute cross site scripting

A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...

CVSS 4 · AI score 6.1 · EPSS 0.0048
Exploits 1 · References 4

CVE
added 2023/07/16 4:31 p.m. · 63 views

CVE-2023-3691

Layui up to v2.8.0-rc.16 contains a cross-site scripting vulnerability in the HTML Attribute Handler where manipulating the title argument enables XSS. The issue can be triggered remotely, and upgrading to version 2.8.0 addresses the vulnerability. Multiple connected sources (including Red Hat, C...

CVSS 6.1 · AI score 4.6 · EPSS 0.0048
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2023/07/16 12:00 a.m. · 13 views

Layui Cross-Site Scripting Vulnerability

Layui is an open source Web UI component library that follows the original development model. A cross-site scripting vulnerability exists in versions prior to layui v2.8.0-rc.16. The vulnerability stems from an unknown part of the component HTML Attribute Handler, which leads to cross-site...

CVSS 6.1 · AI score 4.6 · EPSS 0.0048
Exploits 1 · References 5

Positive Technologies
added 2023/07/16 12:00 a.m. · 10 views

PT-2023-25738 · Layui · Layui

Name of the Vulnerable Software and Affected Versions: layui versions up to v2.8.0-rc.16 Description: A problematic issue was found in the HTML Attribute Handler component, where the manipulation of the title argument leads to cross-site scripting. This can be initiated remotely. Recommendations:...

CVSS 6.1 · AI score 6.6 · EPSS 0.0048
Exploits 1 · References 8

Exploit DB
added 2023/03/30 12:00 a.m. · 145 views

Ecommerse v1.0 - Cross-Site Scripting (XSS)

Title: Ecommerse v1.0 - Cross-Site Scripting (XSS) Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...

AI score 7.4
Exploits 0

Veracode
added 2023/03/10 3:54 a.m. · 14 views

Cross-site Scripting (XSS)

modoboa is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the maketag function in the Listing.prototype object of listing.js as it does not properly encode the HTML attribute, allowing an attacker to inject and execute malicious JavaScript into the browser...

CVSS 4.8 · AI score 5.3 · EPSS 0.00494
Exploits 1 · References 5 · Affected Software 1

NVD
added 2023/02/21 9:15 a.m. · 15 views

CVE-2020-36656

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks...

CVSS 5.4 · AI score 5.2 · EPSS 0.00507
Exploits 2 · References 1

Prion
added 2023/02/21 9:15 a.m. · 16 views

Cross site scripting

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks...

CVSS 4.9 · AI score 5.1 · EPSS 0.00507
Exploits 2 · References 1 · Affected Software 1

SUSE CVE
added 2023/02/15 6:03 a.m. · 3 views

SUSE CVE-2009-1714

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes...

CVSS 4.3 · AI score 5.6 · EPSS 0.02657
Exploits 2 · References 4

SUSE CVE
added 2023/02/15 5:34 a.m. · 4 views

SUSE CVE-2013-6416

Cross-site scripting (XSS) vulnerability in the simpleformat helper in actionpack/lib/actionview/helpers/texthelper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...

CVSS 4.3 · AI score 5.9 · EPSS 0.01963
Exploits 0 · References 5

WPVulnDB
added 2023/01/24 12:00 a.m. · 20 views

Spectra < 1.15.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. PoC Note: The exploit requires the Contact Form 7 plugin. Exploit Additional CSS classes for “Contact Form 7 Styler” Gutenberg...

CVSS 5.4 · AI score 5.1 · EPSS 0.00507
Exploits 2 · Affected Software 1

OSV
added 2022/11/18 11:15 p.m. · 1 views

CVE-2021-31739

The SEPPmail solution is vulnerable to a Cross-Site Scripting (XSS) vulnerability, because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...

CVSS 6.1 · AI score 5.8 · EPSS 0.00423
Exploits 1 · References 1

Vulnrichment
added 2022/11/18 12:00 a.m. · 4 views

CVE-2021-31739

The SEPPmail solution is vulnerable to a Cross-Site Scripting (XSS) vulnerability, because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...

AI score 5.8 · EPSS 0.00423
Exploits 1 · References 1

OSV
added 2022/10/31 4:15 p.m. · 2 views

CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 5.8 · EPSS 0.00969
Exploits 2 · References 1

Prion
added 2022/10/31 4:15 p.m. · 16 views

Cross site scripting

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

CVSS 5.8 · AI score 6.1 · EPSS 0.00551
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2022/10/31 12:00 a.m. · 7 views

CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

AI score 6.1 · EPSS 0.00551
Exploits 2 · References 1

Cvelist
added 2022/10/31 12:00 a.m. · 30 views

CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

AI score 6.2 · EPSS 0.00551
Exploits 2 · References 1

CNNVD
added 2022/09/28 12:00 a.m. · 3 views

glFusion CMS Cross-Site Scripting Vulnerability

glFusion CMS is a content management and publishing system. A cross-site scripting vulnerability exists in glFusion CMS version v1.7.9, which stems from being affected by reflective cross-site scripting (XSS). The value of a header request parameter is copied into the value of an HTML markup...

CVSS 6.1 · AI score 5.9 · EPSS 0.00658
Exploits 1 · References 3

NVD
added 2022/05/09 5:15 p.m. · 19 views

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

CVSS 6.1 · EPSS 0.00757
Exploits 2 · References 1