Seo Panel 4.8.0 - (category) Reflected XSS Vulnerability

Exploit Title: Seo Panel 4.8.0 - 'category' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28418 -Description: A...

Seo Panel 4.8.0 - (from_time) Reflected XSS Vulnerability

Exploit Title: Seo Panel 4.8.0 - 'fromtime' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28420 -Description: A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers ...

Seo Panel 4.8.0 Cross Site Scripting

Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Date: 21-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417...

Seo Panel 4.8.0 - (search_name) Reflected XSS Vulnerability

Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417 -Description: A...

CVE-2020-4354

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506...

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

The Admin Columns WordPress plugin allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...

IBM WebSphere Exteme Scale Cross-Site Scripting Vulnerability

IBM WebSphere Exteme Scale is a resilient, highly scalable in-memory data grid from IBM USA. It can provide predictable responsiveness to meet exponential demands on data. A cross-site scripting vulnerability exists in IBM WebSphere Exteme Scale Liberty, which stems from a lack of proper validati...

Cross site scripting

Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack...

Hundred Plus 101EIP 跨站脚本漏洞

The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan-based Hundred Plus Corporation Hundred Plus that has been optimized by gathering the experience of many enterprises. 101EIP suffers from a cross-site scripting vulnerability that stems from the calendar add event feature...

Postbird 0.8.4 - Javascript Injection Exploit

Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...

Gris CMS Cross-Site Scripting Vulnerability

Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...

Mediat Cross-Site Scripting Vulnerability

Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...

OpenWrt LuCI Web接口跨站脚本漏洞

OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability in the web interface of OpenWRT LuCI version 19.07 allows attackers to inject arbitrary Javascript into OpenWRT hostnames via a hostname change operation...

Mediat 跨站脚本漏洞

Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...

Cross-site Scripting (XSS)

vrana/adminer is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser via a link argument in the function doclink...

WordPress plugin cross-site scripting vulnerability (CNVD-2021-37282)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in the Store...

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

Cross site scripting

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...