206 matches found
CVE-2022-25784 User controllable HTML element attribute (potential XSS)
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...
Reflected XSS
Description: Bypass XSS filter on /module/. Proof of Concept: https://demo.microweber.org/demo/module/?module=admin%2Fmodules%2Fmanage&id=x"draggable="true"ondragexit=alert1&class=x&fromurl=x Drag something around to trigger the XSS. Might only work in Firefox. How to fix: This is still CVE-2022-1439...
Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability. PoC: On a page or post with a search form, add the following URL query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
CVE-2022-0427
Removed by vendor...
PT-2022-13176 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.5 and later Description: The issue is related to missing sanitization of HTML attributes in Jupyter notebooks, allowing an attacker to perform arbitrary HTTP POST requests on a user's behalf, potentially leading to...
CVE-2021-44598
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflecte...
Cross-Site Scripting (XSS)
antisamy is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via HTML attributes using the HTML output serializer...
CVE-2021-35955
Contao =4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7...
CVE-2021-24283
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue...
Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. PoC v 2.2.29 https://example.com/wp-admin/edit.php?posttype=accordions=settings=a%22%3E%3Csvg%2Fonload%3Dalert%28123%29%3B%2F%2F%3E%3C%22 v 2.2.30...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...
Revive Adserver 5.1.0 Cross Site Scripting
Revive Adserver Security Advisory REVIVE-SA-2021-002 https://www.revive-adserver.com/security/revive-sa-2021-002...
Daily Tracker System 1.0 Cross Site Scripting Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Daily Tracker System v1.0 - Reflected Cross Site Scripting (XSS) Exploit Author: Adeeb Shah Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
CVE-2020-5574
HTML attribute value injection vulnerability in Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and...
CVE-2020-5574
CVE-2020-5574 affects Movable Type and related products across multiple versions (e.g., Movable Type 7.x up to 7.2.1, Movable Type Advanced, Movable Type for AWS, and various 6.x/Premium variants). The root issue is an HTML attribute value injection vulnerability that could allow a remote attacke...