395 matches found
PT-2023-16486 · Unknown · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the arguments firstname,...
CVE-2022-46369
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting PXSS – vulnerability may allow inserting scripts into unspecified input fields...
Cross site scripting
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting PXSS – vulnerability may allow inserting scripts into unspecified input fields...
Rumpus FTP Web File Manager Cross-Site Scripting Vulnerability
Rumpus FTP Web File Manager is a file transfer server. A security vulnerability exists in Rumpus FTP Web File Manager version 9.0.7.1 that could allow scripts to be inserted into unspecified input fields...
Simple Client Management System Cross-Site Scripting Vulnerability
Simple Client Management System is a client management system by personal developer Carlo Montero. A security vulnerability exists in Simple Client Management System (SCMS) version 1.0, which stems from a stored cross-site scripting (XSS) vulnerability that could allow a remote attacker to...
CVE-2021-43657
A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...
Fortinet FortiSOAR Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Fortinet FortiSOAR, a security orchestration, automation and response SOAR solution from Fortinet, Inc. input fields of various components within FortiSOAR to inject HTML tags...
CVE-2022-38379
Improper neutralization of input during web page generation CWE-79 in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR...
CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...
CVE-2022-43117
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Name, Username, Description and Site Feature parameters...
Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
The plugin does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Plugin settings Style Settings button border radius or other field put to input field: alert'XSS'; Text &...
Cross site scripting
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
Foxlor cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
The publify application allows large characters to insert in the input field "title name and post field" on the article field which can allow attackers to cause a Denial of Service (DoS)
Description Please enter a description of the vulnerability. Proof of Concept 1 - Create New article https://demo-publify.herokuapp.com/admin/content/new 2 - Fill the title name and post field with huge characters, more than 1 lakh Copy the below payload and put it in the input fields and click o...
PT-2022-18311
Name of the Vulnerable Software and Affected Versions Galleon NTS-6002-GPS version 4.14.103-Galleon-NTS-6002.V12 4 Description An issue was discovered in the Network Tools section of the web-management interface, allowing an authenticated attacker to perform command injection as root via shell...
CVE-2022-25854
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...
Cross site scripting
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...
CVE-2022-25854
The CVE affects @yaireo/tagify before 4.9.8. The root cause is that the placeholder input is not escaped in the Tagify rendering logic (tagify.js), enabling an attacker to inject and trigger XSS via a malicious placeholder value. Impact is XSS in inputs using Tagify; exploitation details are not ...
WordPress Coru LFMember 1.0.2 Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Coru LFMember - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/ Version: 1.0.2 Tested on: Firefox Contact me: email protected Vulnerable Code: " name="gameimage" / "...