
150 matches found

CVE
added 2025/09/29 12:0 a.m., 9 views

CVE-2025-57424

CVE-2025-57424: Stored XSS in MyCourts v3, via the LTA number profile field. An attacker can inject arbitrary JavaScript that runs in the browser of any viewer, including administrators. The absence of the HttpOnly flag on the session cookie could permit capture of session tokens and user session...

CVSS 7.3, AI score 5.3, EPSS 0.00029
Exploits: 0, References: 1

Cvelist
added 2025/09/29 12:0 a.m., 6 views

CVE-2025-57424

A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the...

EPSS 0.00029
Exploits: 0, References: 1

RedhatCVE
added 2025/09/25 2:53 a.m., 3 views

CVE-2025-0209

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

CVSS 6.1, AI score 5.7, EPSS 0.00074
Exploits: 0, References: 1

RedhatCVE
added 2025/09/25 2:53 a.m., 2 views

CVE-2025-4760

An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript,...

CVSS 4.8, AI score 5.6, EPSS 0.00038
Exploits: 0, References: 1

NVD
added 2025/09/23 6:15 p.m., 3 views

CVE-2025-0209

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

CVSS 6.1, EPSS 0.00074
Exploits: 0, References: 1

CVE
added 2025/09/23 5:13 p.m., 21 views

CVE-2025-0209

CVE-2025-0209 describes a reflected cross-site scripting (XSS) vulnerability in the account registration flow of WSO2 Identity Server caused by improper output encoding. The issue allows an attacker to inject a crafted payload that is reflected in the server response, leading to potential executi...

CVSS 6.1, AI score 5.4, EPSS 0.00074
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/09/23 5:13 p.m., 4 views

CVE-2025-0209 Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server Account Registration Flow

A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the server response, enabling the execution of...

CVSS 6.1, AI score 5.4, EPSS 0.00074
Exploits: 0, References: 1

Positive Technologies
added 2025/09/23 12:0 a.m., 2 views

PT-2025-39183

Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server affected versions not specified Description: A reflected cross-site scripting (XSS) issue exists in the account registration process. This is due to improper output encoding, allowing a malicious actor to inject a crafted...

CVSS 6.1, AI score 5.6, EPSS 0.00074
Exploits: 0, References: 6

Gitee
added 2025/09/14 1:50 p.m., 101 views

Exploit for CVE-2012-0053

This repository is an offensive tool for web application exploitation, specifically for cross-site scripting (XSS) attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable we...

CVSS 4.3, AI score 6.1, EPSS 0.23641
Exploits: 4

Tenable Nessus
added 2025/08/25 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-9848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x...

CVSS 5.3, AI score 6.2, EPSS 0.00336
Exploits: 0, References: 2

OSV
added 2025/06/02 6:30 p.m., 3 views

GHSA-XPXP-R8HF-WGF6 WSO2 products vulnerable to Cross-site Scripting

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

CVSS 5.2, AI score 6, EPSS 0.00079
Exploits: 0, References: 4

Snyk
added 2025/06/02 6:30 p.m., 2 views

Cross-site Scripting (XSS)

Overview: org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is a User Store UI component for WSO2 Carbon. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient output encoding in error messages generated by the JDBC...

CVSS 6.1, AI score 5.2, EPSS 0.00079
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 3:36 a.m., 3 views

CVE-2023-28472

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3, AI score 6.9, EPSS 0.00459
Exploits: 0, References: 1

Positive Technologies
added 2025/01/21 12:0 a.m., 4 views

PT-2025-2984

Name of the Vulnerable Software and Affected Versions: CodeChecker versions through 6.24.4 Description: Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged-in user and use the web API with the same permissions, including adding, removing, or editin...

CVSS 8.2, AI score 6.5, EPSS 0.00179
Exploits: 1, References: 11

Positive Technologies
added 2024/09/25 12:0 a.m., 3 views

PT-2024-40145 · Unknown · Camaleon Cms +1

Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or HTML documents by...

CVSS 4.8, AI score 6.6
Exploits: 0, References: 4

Positive Technologies
added 2024/09/23 12:0 a.m., 2 views

PT-2024-40192 · Unknown · Camaleon Cms +1

Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or HTML documents by...

CVSS 4.8, AI score 6.6
Exploits: 0, References: 4

Positive Technologies
added 2024/09/18 12:0 a.m., 3 views

PT-2024-40451 · Unknown · Camaleon Cms

Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality of Camaleon CMS. This allows normal registered users to upload SVG images or HTML documents...

CVSS 4.8, AI score 6.5
Exploits: 0, References: 4

CNNVD
added 2024/07/30 12:0 a.m., 3 views

IBM Security Directory Integrator and IBM Security Verify Directory security vulnerability

IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines (IBM). IBM Security Verify Directory is part of an authentication and access management solution. IBM Security Directory Integrator is an integrated development environment and...

CVSS 7.5, AI score 6.5, EPSS 0.00086
Exploits: 0, References: 2

OSV
added 2024/07/26 12:15 p.m., 1 views

CVE-2024-41685

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...

CVSS 7.5, AI score 5.8, EPSS 0.00233
Exploits: 0, References: 2

OSV
added 2024/06/07 3:15 p.m., 1 views

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

CVSS 4.8, AI score 5.8, EPSS 0.00088
Exploits: 1, References: 1