9 matches found
CVE-2025-9981 Multiple Stored XSS in QuickCMS
QuickCMS is vulnerable to multiple Stored XSS in the slider editor functionality (sliders-form). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, an admin user is not able to add JavaScript to the website. T...
Cross-site Scripting
Stage.js is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of the global DOM namespace, allowing attacker-injected HTML elements to shadow the document.currentScript lookup and unintended element properties to override JavaScript variables...
DOM Clobbering
PrismJS is vulnerable to DOM Clobbering. The vulnerability is due to attacker-injected HTML elements shadowing the document.currentScript lookup, which can potentially lead to Cross-Site Scripting (XSS)...
CVE-2024-53386
Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
GHSA-X7HR-W5R2-H6WG PrismJS DOM Clobbering vulnerability
Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53386
Stage.js through 0.8.10 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...
CVE-2024-53386
CVE-2024-53386 affects Stage.js up to version 0.8.10. The vulnerability arises from a DOM clobbering flaw where the lookup for document.currentScript can be shadowed by attacker-injected HTML elements, enabling XSS on untrusted input that contains HTML but does not itself include JavaScript. The ...
Prism Code Injection Vulnerability
Prism is an application by individual developers based in the US. It is a lightweight, extensible syntax highlighting tool. A security vulnerability exists in Prism 1.29.0 and earlier versions, which stems from the fact that document.currentScript lookups can be obscured by an attacker's...
CVE-2024-2619
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...