4739 matches found
Cross-site Scripting in pekeupload
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...
Hexo cross-site scripting vulnerability
Hexo is a fast, simple and powerful blogging framework by Tommy Chen, an individual developer in China. Hexo suffers from a cross-site scripting vulnerability that stems from its lack of validation and filtering of user-supplied data and output. An attacker could exploit this vulnerability to...
WordPress Stylish Cost Calculator plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Stylish Cost Calculator plugin, which stems...
LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting
The plugin does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting. PoC: As admin, enter the following payload in the Domain Key setting of the plugin: Then open...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90754)
Open-xchange OX App Suite is a Web cloud desktop environment from Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
CVE-2021-23673
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...
CVE-2021-23673 Cross-site Scripting (XSS)
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...
CVE-2021-23673
CVE-2021-23673 affects all versions of the jQuery plugin pekeupload. An attacker can induce a user to upload a file whose name contains JavaScript, which will be executed in the user’s browser, enabling a Cross-site Scripting (XSS) attack. The vulnerability is documented across multiple sources ...
CVE-2021-38377
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results...
WordPress My Tickets plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress My Tickets plugin in versions prior to 1.8.31 suffers from a cross-site scripting vulnerability...
WordPress QR Redirector plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress QR Redirector plugin in versions prior to 1.6.1,...
WordPress Sprout Invoices plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Sprout Invoices plugin has a cross-site scripting vulnerability in versions prior to 19.9.7, whic...
WordPress Accept Donations with PayPal plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Accept Donations with PayPal plugin has a cross-site scripting vulnerability in versions prior to 1.3.2, which stems...
SmarterMail Cross-Site Scripting Vulnerability
SmarterMail is a mail server software from Smartertools, Inc. The software supports spam filtering, statistics, and Simple Mail Transfer Protocol (SMTP) authentication. SmarterMail has a cross-site scripting vulnerability in 16.x through 100.x. The vulnerability stems from a lack of data validation...
Drupal 8.9.x < 8.9.20 / 9.1.x < 9.1.14 / 9.2.x < 9.2.9 Multiple Vulnerabilities (drupal-2021-11-17)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple vulnerabilities. - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions...
GHSA-PVMX-G8H5-CPRJ Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
Affected packages: The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter (ACF) core module. The vulnerability allowed to inject malforme...
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed comment HTML that bypasses content sanitization, which could result...
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed comment HTML that bypasses content sanitization, which could result...
Design/Logic Flaw
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed comment HTML that bypasses content sanitization, which could result...
CVE-2021-41165 HTML comments vulnerability allowing to execute JavaScript code
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed comment HTML that bypasses content sanitization, which could result...