4739 matches found

The Hacker News
added 2022/06/03 10:58 a.m. | 30 views

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top...

AI score 7.4
Exploits: 0

CNVD
added 2022/06/01 12:00 a.m. | 13 views

WordPress Quotes llama plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...

CVSS 4.8 | AI score 2.8 | EPSS 0.00625
Exploits: 2 | References: 1

CNVD
added 2022/06/01 12:00 a.m. | 13 views

WordPress Enable SVG plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Enable SVG plugin version 1.4.0 or earlier has a cross-site scripting vulnerability that...

CVSS 5.4 | AI score 1 | EPSS 0.00558
Exploits: 2 | References: 1

CNVD
added 2022/05/27 12:00 a.m. | 28 views

Creativeitem Academy-LMS Cross-Site Scripting Vulnerability

Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A cross-site scripting vulnerability exists in Creativeitem Academy-LMS v4.3, which stems from a lack of data validation filtering of user-supplied data and output in the SEO panel. An attacker could exploit this...

CVSS 3.5 | AI score 2.1 | EPSS 0.00599
Exploits: 1 | Affected Software: 1

CNVD
added 2022/05/26 12:00 a.m. | 15 views

Home Clean Services Management System Cross-Site Scripting Vulnerability

Home Clean Services Management System is a home cleaning service system. Version 1.0 of Home Clean Services Management System is vulnerable to a cross-site scripting vulnerability that originates in register.php?link=register and lacks checksum filtering of user-supplied data and a lack of data...

CVSS 3.5 | AI score 2 | EPSS 0.00572
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2022/05/25 10:55 p.m. | 29 views

Possible cross-site scripting attack via unsanitized SVG files in FoF Upload

Impact: If FoF Upload is configured to allow the uploading of SVG files (image/svg+xml), navigating directly to an SVG file URI could execute arbitrary JavaScript code decided by an attacker. This JavaScript code could include the execution of HTTP web requests to Flarum, or any other web service...

CVSS 8.7 | AI score 6.3 | EPSS 0.01124
Exploits: 1 | References: 6 | Affected Software: 1

CNVD
added 2022/05/25 12:00 a.m. | 14 views

Zoo Management System Cross-Site Scripting Vulnerability (CNVD-2022-77494)

A cross-site scripting vulnerability exists in Zoo Management System version 1.0, a zoo management system. The vulnerability stems from a lack of data validation filtering of user-supplied data and output by adminname. An attacker could exploit this vulnerability to execute JavaScript code on the...

CVSS 3.5 | AI score 3.9 | EPSS 0.00546
Exploits: 0 | Affected Software: 1

CNVD
added 2022/05/25 12:00 a.m. | 19 views

NetDataSoft DivvyDrive Cross-Site Scripting Vulnerability

NetDataSoft DivvyDrive is an enterprise file management and sharing system from the Turkish company NetDataSoft. It is used to encrypt and store all data and allow secure access to your data from anywhere. A cross-site scripting vulnerability exists in versions prior to NetDataSoft DivvyDrive v.4.6.2.0,...

CVSS 3.5 | AI score 2.5 | EPSS 0.00407
Exploits: 0 | Affected Software: 1

CNVD
added 2022/05/25 12:00 a.m. | 16 views

Badminton Center Management System Cross-Site Scripting Vulnerability

Badminton Center Management System is a badminton center management system from the individual developer Carlo Montero. Badminton Center Management System is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output for the...

CVSS 5.4 | AI score 3.7 | EPSS 0.00546
Exploits: 0 | References: 1

OSV
added 2022/05/24 10:29 p.m. | 14 views

GHSA-WMH9-X28J-C6GR Cross site scripting in publify

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

CVSS 5.4 | AI score 5.6 | EPSS 0.00578
Exploits: 0 | References: 4

OSV
added 2022/05/24 10:29 p.m. | 26 views

GHSA-W358-RJ93-R5QV Apache Superset Stored XSS on Dashboard markdown

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

CVSS 5.4 | AI score 5.3 | EPSS 0.86393
Exploits: 0 | References: 6

OSV
added 2022/05/24 5:40 p.m. | 8 views

GHSA-V762-47VH-J7Q3 Feehi CMS vulnerable to Cross-site Scripting in Username Field

Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS...

CVSS 6.1 | AI score 6 | EPSS 0.00633
Exploits: 1 | References: 4

Github Security Blog
added 2022/05/24 5:34 p.m. | 23 views

Cross site scripting in Crafter CMS

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel...

CVSS 6.1 | AI score 6 | EPSS 0.00744
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2022/05/24 5:27 p.m. | 15 views

silverstripe-advancedreports vulnerable to XSS

silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item ak...

CVSS 6.1 | AI score 5.9 | EPSS 0.00913
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 5:17 p.m. | 10 views

GHSA-XVGX-668J-F67P Subrion CMS XSS

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

CVSS 6.1 | AI score 6 | EPSS 0.00949
Exploits: 2 | References: 3

OSV
added 2022/05/24 5:00 p.m. | 10 views

GHSA-6M27-3R8Q-C7F7 Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. As per the Magento Release 2.3.3, if you have already...

CVSS 5.4 | AI score 5.4 | EPSS 0.00556
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/24 5:00 p.m. | 12 views

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via the title of an order when configuring sales payment methods for a store...

CVSS 5.4 | AI score 5.6 | EPSS 0.00556
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/24 5:00 p.m. | 18 views

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing an arbitrary API endpoint that will not be checked by the sale pickup event...

CVSS 5.4 | AI score 5.9 | EPSS 0.00556
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/24 5:00 p.m. | 14 views

GHSA-VX7M-V8V2-FHWM Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the code field of an inventory source...

CVSS 5.4 | AI score 5.3 | EPSS 0.00556
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/24 5:00 p.m. | 14 views

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the code field of an inventory source...

CVSS 5.4 | AI score 5.6 | EPSS 0.00556
Exploits: 0 | References: 5 | Affected Software: 1