4739 matches found
Sales Tracker Management System 1.0 Cross Site Scripting
Exploit Title: Sales Tracker Management System - Cross Site Scripting Vulnerability (Authenticated); Date: 23/03/2023; Exploit Author: Abdulhakim Öner; Vendor Homepage: https://www.sourcecodester.com; Software Link:...
CVE-2023-26283 IBM WebSphere Application Server cross-site scripting
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
Bio Protocol - Cross-Site Scripting via tokenURI SVG image
Lines of code / Vulnerability details / Impact: It is possible to inject a bio that is valid JavaScript code into the generated on-chain SVG image. An attacker might pass the following payload as bio: alert1234 which will result in generation of an SVG image with the code: text font-family: sans-serif; font-size:...
Music Gallery Site 1.0 Cross Site Scripting
Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability (Authenticated); Date: 19/03/2023; Exploit Author: Abdulhakim Öner; Vendor Homepage: https://www.sourcecodester.com; Software Link:...
Yoga Class Registration System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Yoga Class Registration System - Cross Site Scripting Vulnerability (Authenticated); Exploit Author: Abdulhakim Öner; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.ht...
Medicine Tracker System 1.0 Cross Site Scripting
Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability; Date: 19/03/2023; Exploit Author: Abdulhakim Öner; Vendor Homepage: https://www.sourcecodester.com; Software Link:...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45900)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45912)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45914)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Cross site scripting
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2022-43874 IBM App Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects
A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target...
CVE-2021-46875
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...
Cross site scripting
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting...
CVE-2022-44875
KioWare (Windows) 8.33 and earlier versions are affected by CVE-2022-44875 due to KioScriptingUrlACL.AclActions.AllowHigh being set for the about:blank origin. This allows JavaScript code via KioUtils.Execute to obtain SYSTEM access. The vulnerability details across multiple sources confirm the r...
CVE-2022-44875
KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code...
U.S. Dept Of Defense: XSS Reflected
A reflected XSS vulnerability was discovered in the web asset, allowing an attacker to inject and execute malicious code in a victim's browser...
CVE-2023-26047 teler-waf contains detection rule bypass via entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...