5803 matches found
raylib 跨站脚本漏洞
raylib is an easy-to-use library for raysan5 personal developers to enjoy video game programming. A security vulnerability exists in raysan5 raylib versions prior to 4.5.0, which stems from a failure of the SetClipboardText API to properly escape characters, which can be exploited by an attacker ...
CVE-2023-24464
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...
CVE-2023-24464
CVE-2023-24464 is a stored cross-site scripting vulnerability in Buffalo network devices (BS-GS2008/2016/2024/2048 and their “P” variants; firmware 1.0.10.01 and earlier). The underlying issue is a stored XSS in the web management console that allows an attacker with access to the management UI t...
CVE-2023-0157
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
Shopify: Reflected XSS on help.shopify.com
A reflected cross-site scripting vulnerability was present in the returnTo parameter on help.shopify.com that allowed javascript code execution if specific steps were followed...
Uptime Kuma 1.19.6 Cross Site Scripting
Exploit Title: Stored XSS in uptime-kuma ""alert"XSS" If anyone loads the page, the javascript inside the script tag will be executed...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
PT-2023-2880 · Sophos · Sophos Web Appliance
Name of the Vulnerable Software and Affected Versions: Sophos Web Appliance versions older than 4.3.10.4 Description: A reflected XSS via POST vulnerability in the report scheduler allows execution of JavaScript code in the victim's browser via a malicious form that must be manually submitted by...
CVE-2023-27489
Kiwi TCMS (open source test management) has a CVE-2023-27489 stored XSS via SVG file upload. The vulnerability arises because uploaded SVGs could contain JavaScript that executes when viewed in contexts that do not render in an HTML page. The issue is mitigated by a CSP header that blocks inline ...
CVE-2023-27489 Stored cross site scripting via SVG file upload in Kiwi TCMS
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This...
CVE-2023-28447
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...
UBUNTU-CVE-2023-28447
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...
Cross site scripting
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
Stored Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of HTML sanitization in the the user ID when exporting to data formats supporting HTML which allows an attacker to inject and execute arbitrary JavaScript when a user clicks on the downloaded file. Not...
Music Gallery Site 1.0 Cross Site Scripting Vulnerability
Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability Authenticated Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html Softwa...
CVE-2023-27592
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
Design/Logic Flaw
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2023-27592
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
PT-2023-21232 · Miniflux · Miniflux
Name of the Vulnerable Software and Affected Versions: Miniflux versions 2.0.25 through 2.0.42 Description: The issue arises when Miniflux automatically proxies images served over HTTP to prevent mixed content errors. If an outbound request made by the Go HTTP client fails, the html.ServerError i...