CVE-2024-35153

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

PT-2024-15727 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.7.2 Description: The issue is due to missing or incorrect nonce validation on the update...

Cross site scripting

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks...

Seo Panel 4.8.0 - 'from_time' Reflected XSS

Exploit Title: Seo Panel 4.8.0 - 'fromtime' Reflected XSS Date: 23-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28420 -Description: A cross-site scripting XSS issue in Seo Panel 4.8.0 allows...

CVE-2021-27528

A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter...

CVE-2021-28420

A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "fromtime" parameter...

Siemens SiNVR 3 Cross-Site Scripting Vulnerability (CNVD-2020-17007)

SiNVR 3 is a video management platform.Central Control Server CCS is the central control server and Video Server is the video server. SiNVR 3 has a stored cross-site scripting vulnerability in multiple input field implementations that can be exploited by remote attackers to inject malicious...

jeecms JSPGOU single-store version v6.0 has multiple stored cross-site scripting vulnerabilities

jspgou is based on java technology development of e-commerce management software. There are multiple stored cross-site scripting vulnerabilities in jeecms JSPGOU Single Store Edition v6.0. Due to the front-end input filtering is not strict, the background operation is not verified source, allowin...

IBM DataPower Gateway Cross-Site Scripting Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B, and cloud workloads that protects, integrates, and optimizes access across channels...

Cross-Site Scripting (XSS)

Apache Geronimo is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into log files via the time parameter or any invalid parameters to cal2.jsp. The injected Javascript executes on the victim's browser when the log files are viewed through the...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-24362)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...

IBM Rational Requirements Composer and Rational DOORS Next Generation Cross-Site Scripting Vulnerability

IBM Rational Requirements Composer and Rational DOORS Next Generation RDNG are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability in IBM Rational...

Monxin Netcom mall system distribution small store settings storefront at the existence of storage-type cross-site scripting vulnerability

Monxin Allnet Mall System is a mall system with PC mall, mobile mall, micro letter mall and offline cashier system created by Monxin Technology. A stored cross-site scripting vulnerability exists in the Monxin mall system at the distribution store settings storefront. Attackers can insert malicio...

CVE-2018-16316

A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...

MiniBB 3.1.1 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to...

PhpOnlineChat 3.0 - XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: phponlinechat xss Date: 5/9/2014 Exploit Author: N0 Feel Vendor Homepage: http://phponlinechat.com/phpchat Software Link: http://phponlinechat.com/chat-free-download.php Version: 3.0 Tested on: win7 php online chat suffer from x...