4739 matches found
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
Hardcoded credentials
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability
Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
CVE-2021-25984
In Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting XSS at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...
CVE-2021-25984 FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality
In Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting XSS at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...
CVE-2021-25983 FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality
In Factor App Framework & Headless CMS forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...
IBM Tivoli Key Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2021-91634)
IBM Tivoli Key Lifecycle Manager TKLM is a set of key lifecycle management software from IBM Corporation in the United States. The software provides key storage, key maintenance, and key lifecycle management for storage devices.IBM Tivoli Key Lifecycle Manager has a security vulnerability that...
Mail.ru: stand.pw.mail.ru xss
http://stand.pw.mail.ru:9100/news.php?archive=news&type=last"alert1&page=1 payload is:"alert1 Impact Can steal Cookie, Can run javascript code, and get information sensitive...
Malicious Package
rc is a malicious package. The package contains a preinstall script that would execute malicious Javascript code to steal passwords from various applications...
Malicious Package
coa is a malicious package. The package contains a preinstall script that would execute malicious Javascript code to steal passwords from various applications...
WordPress Translate WordPress-Google Language Translator plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. Translate WordPress-Google Language Translator prior to version 6.0.12 suffers from a cross-site scripting vulnerability, which...
WordPress AddToAny Share Buttons Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress AddToAny Share Buttons plugin in versions prior t...
WordPress Storefront Footer Text plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Storefront Footer Text plugin in version 1.0.1 an...
Cross site scripting
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the...
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)
Impact In certain configurations, Apollo Server serves the client-side web app "GraphQL Playground" from the same web server that executes GraphQL operations. This web app has access to cookies and other credentials associated with the web server's operations. There is a cross-site scripting...
CVE-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-22260
Removed by vendor...
CVE-2021-39906
Removed by vendor...