
161 matches found

Packet Storm
added 2024/01/11 12:0 a.m. | 412 views

PHPJabbers Event Booking Calendar 4.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Event Booking Calendar v4.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Version: v4.0 Tested o...

7.4 AI score | 0.0031 EPSS
Exploits: 3

Packet Storm
added 2024/01/11 12:0 a.m. | 274 views

PHPJabbers Car Park Booking System 3.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Car Park Booking System v3.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-park-booking/sectionDemo Version: v3.0 Tested on:...

7.4 AI score | 0.00266 EPSS
Exploits: 2

Hacker One
added 2023/07/20 5:50 p.m. | 13 views

Semrush: Lack of sanitization of the billing address in pdf invoice

A vulnerability in the invoice PDF generation allowed HTML code injection due to insufficient sanitization of billing address data. An internal review found no evidence of exploitation...

7.3 AI score
Exploits: 0

NVD
added 2023/05/02 8:15 p.m. | 9 views

CVE-2023-31434

The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...

5.4 CVSS | 5.3 AI score | 0.00345 EPSS
Exploits: 1 | References: 1

CVE
added 2023/05/02 12:0 a.m. | 46 views

CVE-2023-31434

The CVE-2023-31434 issue affects evasys prior to 8.2 Build 2286 and 9.x prior to 9.0 Build 2401 where input validation is missing for parameters nutzer_titel, nutzer_vn, nutzer_nn (user profile) and langID/ONLINEID (direct links). This allows authenticated attackers to inject HTML code and XSS pa...

5.4 CVSS | 5.2 AI score | 0.00345 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/05/02 12:0 a.m. | 15 views

CVE-2023-31434

The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations...

5.5 AI score | 0.00345 EPSS
Exploits: 1 | References: 1

OSV
added 2023/04/12 8:43 p.m. | 18 views

GHSA-6VGH-9R3C-2CXP Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro

Impact The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included since XWiki 3.5M1 and doesn't require script rights, this can be demonstrated wit...

8.9 CVSS | 9.2 AI score | 0.1765 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2022/09/20 10:15 a.m. | 2 views

CVE-2022-3242 HTML code Injection in template search keyword in microweber/microweber

Code Injection in GitHub repository microweber/microweber prior to 1.3.2...

4.3 CVSS | 7.2 AI score | 0.19791 EPSS
Exploits: 1 | References: 2

Cvelist
added 2022/09/20 10:15 a.m. | 12 views

CVE-2022-3242 HTML code Injection in template search keyword in microweber/microweber

Code Injection in GitHub repository microweber/microweber prior to 1.3.2...

4.3 CVSS | 6.7 AI score | 0.19791 EPSS
Exploits: 1 | References: 2

Hacker One
added 2022/09/07 9:32 p.m. | 18 views

Revive Adserver: Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver

Vulnerability description not provided...

6.1 CVSS | 6.2 AI score | 0.08586 EPSS
Exploits: 1

CNNVD
added 2022/08/22 12:0 a.m. | 1 views

Pegasystem PEGA Platform Cross-Site Scripting Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management. Pegasystem PEGA Platform has a...

6.1 CVSS | 6.2 AI score | 0.00196 EPSS
Exploits: 0 | References: 3

NVD
added 2022/08/05 4:15 p.m. | 6 views

CVE-2022-34768

insert HTML / js code inside input how to get to the vulnerable input : Workers worker nickname inject in this input the code...

7.5 CVSS | 0.00212 EPSS
Exploits: 0 | References: 1

NVD
added 2022/01/28 8:15 p.m. | 13 views

CVE-2021-23863

HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacke...

6.1 CVSS | 0.00251 EPSS
Exploits: 0 | References: 2

CVE
added 2022/01/28 7:9 p.m. | 57 views

CVE-2021-23863

The CVE affects Bosch Video Security software (version 3.2.3 and earlier). A code injection vulnerability enables an attacker to inject arbitrary HTML into a WebView-loaded component, potentially causing the application to display attacker-controlled web resources. The root cause is HTML/code inj...

6.1 CVSS | 6.2 AI score | 0.00251 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/01/28 7:9 p.m. | 15 views

CVE-2021-23863

HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacke...

6.1 CVSS | 6.4 AI score | 0.00251 EPSS
Exploits: 0 | References: 1

Hacker One
added 2021/06/26 12:2 a.m. | 18 views

MTN Group: XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

PoC https://videostore.mtnonline.com/GL/MyAccount.aspx?PId=126&CID=5&OprId=11%27 Symbols are not filtered, which allows injecting HTML code. F1353609 Impact XSS at videostore.mtnonline.com...

2.7 AI score
Exploits: 0

Hacker One
added 2021/06/25 11:32 p.m. | 12 views

MTN Group: XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

PoC http://nextapps.mtnonline.com/search/suggest/q/xss1337 Symbols are not filtered, which allows injecting HTML code. Response has content-type: text/html F1353600 Impact XSS at nextapps.mtnonline.com...

6.9 AI score
Exploits: 0

Prion
added 2021/06/01 2:15 p.m. | 15 views

Hardcoded credentials

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...

6.8 CVSS | 8.2 AI score | 0.00377 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2021/03/09 12:0 a.m. | 432 views

Froala 3.2.6-1 Cross Site Scripting

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Date:06.03.2021 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel:...

0.2 AI score
Exploits: 0

0day.today
added 2021/03/09 12:0 a.m. | 95 views

Froala 3.2.6-1 Cross Site Scripting Vulnerability

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...

7.4 AI score
Exploits: 0