5068 matches found
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
CVE-2021-20683
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20681
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20683
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
Input validation
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20681
CVE-2021-20681 affects baserCMS prior to 4.4.5. The issue is improper neutralization of JavaScript input in the page editing feature, allowing remote authenticated attackers to inject arbitrary scripts via unspecified vectors. Impact is described as potential script execution in the user’s browse...
Rocket.Chat 跨站脚本漏洞
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions prior to Rocket.Chat 3.11, 3.10.5, 3.9.7, and 3.8.8 that allows remote attackers to inject arbitrary JavaScript into messages...
SEO Panel Cross-Site Scripting Vulnerability (CNVD-2021-23383)
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the totime parameter in webmaster-tools.php...
Plone cross-site scripting vulnerability (CNVD-2021-22849)
Plone is an open source content management system CMS built on the Zope application server. A cross-site scripting vulnerability exists in Plone version 5.2.3, which stems from the form.widgets.sitetitle parameter not effectively filtering user input, and can be exploited by an attacker to inject...
SEO Panel Cross-Site Scripting Vulnerability (CNVD-2021-23384)
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. An attacker can exploit this vulnerability to inject JavaScript via the reporttype parameter in archive.php...
SEO Panel Cross-Site Scripting Vulnerability (CNVD-2021-23382)
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the type parameter in archive.php...
SEO Panel 跨站脚本漏洞
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the totime parameter in webmaster-tools.php...
CVE-2021-29009
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter...
CVE-2021-29008
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "totime" parameter...
CVE-2021-29010
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "reporttype" parameter...
CVE-2021-29009
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter...
CVE-2021-29010
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "reporttype" parameter...
Cross site scripting
A cross-site scripting XSS issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "reporttype" parameter...