395 matches found
CVE-2020-28957
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
Foxlor Cross-Site Scripting Vulnerability
Foxlor is an open source GPL panel developed by experienced server administrators to simplify the job of managing hosting platforms. A security vulnerability exists in Foxlor, which can be exploited by an attacker to execute arbitrary web script or HTML by entering a payload in the name,...
Local Services Search Engine Management System Cross-Site Scripting Vulnerability
Local Services Search Engine Management System is a local services search engine management system. A cross-site scripting vulnerability exists in the Local Services Search Engine Management System Project, which stems from a persistent cross-site scripting vulnerability discovered in the Local...
Cross site scripting
The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site Scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field...
AKCP sensorProbe Cross-Site Scripting Vulnerability
The AKCP sensorProbe is a platform-independent environmental and safety monitoring device from AKCP USA. Simply assign an IP address and connect to the embedded web server. A cross-site scripting vulnerability exists in versions prior to SP480-20210624 of the AKCP sensorProbe Embedded Web Server...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2021-45145)
MantisBT is a lightweight, free and open source, web-based defect tracking system. A cross-site scripting vulnerability exists in managecustomfieldeditpage.php in versions of MantisBT prior to 2.25.2. An attacker can exploit this vulnerability to inject code into hidden input fields...
MantisBT Cross-Site Scripting Vulnerability
MantisBT is a lightweight, free and open source, web-based defect tracking system. A cross-site scripting vulnerability exists in managecustomfieldeditpage.php in versions of MantisBT prior to 2.25.2. An attacker can exploit this vulnerability to inject code into hidden input fields...
Request a Quote < 2.3.4 - Authenticated Stored XSS
The plugin did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site Scripting issues when the quote is output in the "All Quotes" table. Note: By default, admins and editors are allowed to use JavaScript in posts and pages, unless the...
Ec-cube Cross-Site Scripting Vulnerability
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. A cross-site scripting vulnerability exists in Ec-Cube, which can be exploited by a remote attacker to inject specially crafted scripts into specific input fields of an EC website created using EC-Cube and execute...
CVE-2021-20717
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...
CVE-2021-27114
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "sip" and "smac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address...
CVE-2021-30042
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php...
Cross site scripting
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php...
Cross site scripting
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields...
CVE-2021-28047
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields...
Devolutions Remote Desktop Manager Cross-Site Scripting Vulnerability
Devolutions Remote Desktop Manager is a remote desktop management tool that centralizes all remote connections on a platform that is securely shared between users and across teams. A cross-site scripting vulnerability exists in the Administration Report in Devolutions Remote Desktop Manager...
Digital Publications by Supsystic <= 1.6.11 - Authenticated Stored Cross-Site Scripting (XSS)
When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input. v1.6.11 attempted to fix the issue by using sanitize_text_field, however the output i...
CVE-2020-35754
OpenSolution Quick.CMS 6.7 and Quick.Cart 6.7 allow an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Language tab...
CXUUCMS Cross-Site Scripting Vulnerability (CNVD-2020-75157)
CxuuCms is an easy-to-use, open source PHP+Mysql based content management system. CXUUCMS V3 suffers from a class="layui-input" cross-site scripting vulnerability. No detailed vulnerability details are currently available...
CVE-2020-29250
CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php...