Stored Cross Site Scripting (XSS) in parameter rp4wp[heading_text]
Description: The Related Posts for WordPress plugin is vulnerable to stored XSS, specifically in the rp4wp[heading_text] parameter, because the user input is not properly sanitized, allowing the insertion of JavaScript code that can exploit the vulnerability. Proof of Concept: 1 - Install and activate...
Dotnetnuke 6.0.x < 9.11.0 Multiple Vulnerabilities (09.11.00)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 9.11.0. It is, therefore, affected by multiple vulnerabilities. - A third-party dependency, Moment.js, published security updates to their library. Fixes for the Issue DNN Platfor...
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency
The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency...
CVE-2021-42048
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...
CVE-2022-22387
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2022-77519)
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7. An attacker could...
CVE-2022-40748
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586...
CVE-2022-35721
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Stored XSS in Notifications
Description: It is possible to create a notification with stored XSS, which can result in JavaScript code execution. Notifications can only be created while logged in as a user with admin privileges, but once a notification is created any user can see it. Proof of Concept: Create notification with...
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...
Zapier Security Vulnerability
Zapier is a product of Zapier, Inc. that allows end users to integrate the Web applications they use and automate workflows. A security vulnerability exists in versions of Zapier prior to 2022-08-17 that stems from code written to allow in-account privilege escalation. An attacker exploited the...
Mozilla Thunderbird < 91.13.1
The version of Thunderbird installed on the remote Windows host is prior to 91.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-39 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the...
Mozilla Thunderbird < 91.13.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-39 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having...
GHSA-3JH2-WMV7-M932 LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance Title parameter. A patch is available and anticipated to be part of version 22.9.0...
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows cross-site scripting. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...
Security Bulletin: A cross-site scripting vulnerability occurs in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4410)
Summary A cross-site scripting vulnerability was found in IBM Business Automation Workflow and IBM Business Process Manager. Vulnerability Details CVEID: CVE-2019-4410 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed...
CVE-2022-40626
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
Input validation
insert HTML / js code inside input how to get to the vulnerable input : Workers worker nickname inject in this input the code...
Revive Adserver: Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver
Vulnerability description not provided...