Cross-Site Scripting (XSS)
CyberChef is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript code into a victim's browser via the text encoding brute force process...
Tiki Wiki CMS Groupware <= 18.4 XSS Vulnerability
Tiki Wiki CMS Groupware is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2019-15314
tiki/tiki-uploadfile.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-downloadfile.php?display&fileId= URI...
Code injection
tiki/tiki-uploadfile.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-downloadfile.php?display&fileId= URI...
CVE-2019-4482
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2019-6159
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be...
CVE-2019-14427
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code...
Cross site scripting
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code...
UNA 10.0.0 RC1 - (polyglot.php) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-1480...
UNA 10.0.0 RC1 Cross Site Scripting
Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Date: 2019 08 10 Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-14804 UNA-v.10.0.0-RC1 Stored XSS...
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Date: 2019 08 10 Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-14804 UNA-v.10.0.0-RC1 Stored XSS...
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE :...
Open-School 3.0 / Community Edition 2.3 Cross Site Scripting
Exploit Title: title Date: 2019 08 06 Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE : CVE-2019-14696 Open-School 3.0, and Community Edition 2.3, allows XSS via the...
CVE-2019-14670
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation...
CVE-2019-14667
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action...
Input validation
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page...