4739 matches found
WordPress Shiny Buttons plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. shiny Buttons plugin is a WordPress open source application plugin. the WordPress Shiny Buttons plugin in version 1.1.0...
WordPress Lets-Box Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language.Lets-Box Plugin is a WordPress open source application plugin.Wordpress Lets-Box Plugin has a cross-site scripting vulnerability in versions prior to 1.15.3, which stems from the Lets-Box Plugin'...
Cross site scripting
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
What is Clickjacking ❓ Definition and Prevention techniques
Progressed aggressors are persistently cultivating their systems to avoid region. Eventually, they can cover a clearly harmless site page with an immaterial layer containing noxious affiliations. This strategy for assault, known as clickjacking, could make you instigate your webcam or move cash...
Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Description Stored XSS via File upload with format .xml in Product module. When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary JavaScript code that was injected into attachment before. Proof of Concept alertdocument.domain;...
ZZZCMS Cross-Site Scripting Vulnerability
ZZZCMS is a content management system CMS from the ZZZCMS team in China. ZZZCMS suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the editfile action of /adminxxx/save.php. An attacker could exploit the...
Gryphon Tower Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of user-supplied data and output data validation filtering in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...
Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton
Description Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization. Proof of Concept 1. 1.Start a new web conference and share the link with other people 2. 2.A malicious user joins the conference with the following username: 3. 3.As soon as the...
WordPress Email Log plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...
CVE-2021-41029
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...
CVE-2021-42752
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests...
Cross site scripting
A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...
Unspecified Vulnerability in Plupload
Plupload is a cross-browser, multi-runtime file upload API. A security vulnerability exists in versions of plupload prior to 2.3.9 that allows an attacker to upload and run files containing JavaScript code...
FortiWeb - Reflected cross-site scripting in error controllers
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers...
IBM Cognos Analytics Information Disclosure Vulnerability (CNVD-2021-95138)
IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability...
Crafter CMS Cross-Site Scripting Vulnerability
Crafter CMS is an open source content management system CMS for digital experience applications.A cross-site scripting vulnerability exists in Crafter CMS, which stems from a lack of data validation filtering of user-supplied data and output. An attacker with a Site role could exploit the...
CVE-2021-23562
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...
CVE-2021-23562
This CVE affects the plupload package prior to v2.3.9. The vulnerability allows a file name containing JavaScript code to be uploaded and executed, requiring social engineering to entice a user to upload such a file. The root cause is insufficient validation of uploaded file names that may contai...
CVE-2021-23562 Arbitrary File Upload
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...
CVE-2021-20493
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794...