SPIP interfaces.php cross-site scripting vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP, which stems from a lack of proper validation of client-side data in the interfaces.php component of the WEB application. An attacker could exploit this vulnerability to execute client-side code...

CVE-2021-44120

SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via 1 the id parameter in an olsrd.xml action to pkgedit.php, 2 the xml parameter to pkg.php, or the if parameter to 3 statusgraph.php or 4 interfaces.php, a differe...

pfSense Cross Site Scripting

"Those who cannot learn from history are doomed to repeat it." - George Santayana http://cvstrac.pfsense.org/chngview?cn=20994 "Comment: Make scripts XSS input safe. " Date: 2008-Feb-11 23:33:24 local 2008-Feb-12 04:33:24 UTC So in 2010, pfsense 2 beta 4: ... xss - pkgedit.php...

pfSense - 'interfaces.php?if' Cross-Site Scripting

source: https://www.securityfocus.com/bid/45272/info pfSense is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...