127 matches found
WordPress Plugin WP Go Maps Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-44390
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...
CVE-2023-4090
Cross-site Scripting XSS reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response...
CVE-2023-4090 Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia
Cross-site Scripting XSS reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response...
Hardcoded credentials
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...
Cross site scripting
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
PT-2023-19322 · Broadcom · Symantec Siteminder Webagent
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Recommendations: At the moment, there is no information about a newer version that...
Veritas NetBackUp OpsCenter 跨站脚本漏洞
Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in Veritas NetBackUp OpsCenter version 9.1.0.1, which stems from not adequately cleaning up special characters. An attacker could...
SUSE CVE-2007-6524
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap BMP file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420...
PT-2022-24049 · Pyrocms · Pyrocms
Name of the Vulnerable Software and Affected Versions: PyroCMS version 3.9 Description: The issue allows a low-privileged user, such as an author, to inject crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. This is a stored Cross...
CVE-2022-30768
A Stored Cross Site Scripting XSS issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
InMailX 跨站脚本漏洞
InMailX, InMailX's enterprise email management, compliance and productivity solution for Microsoft Outlook and Office 365, provides the features and tools users need to effectively manage their email and attachments. A security vulnerability exists in InMailX plugin Outlook versions prior to...
Cross site scripting
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349 Cross-site Scripting (XSS)
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
Cross-site Scripting (XSS)
zoneminder is vulnerable to cross-site scripting. The vulnerability exists due to a lack of input validation to the value supplied to the 'New State' aka newState field, allowing an attacker to execute HTML or JavaScript code...
PT-2021-23021
Name of the Vulnerable Software and Affected Versions TinyFileManager versions up to and including 2.4.6 Description A Stored XSS issue exists in TinyFileManager when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious...
python-lxml: mXSS due to the use of improper parser
A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...
python-lxml: mXSS due to the use of improper parser
A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...
CVE-2021-21541
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser...
CVE-2021-21543
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. Wh...