CVE-2022-28712

A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger thi...

CVE-2022-26842

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

CVE-2022-26842

A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP...

PT-2022-18094 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364 Description: A reflected cross-site scripting issue exists in the charts tab selection functionality. This can be triggered by a specially-crafted HTTP request, leading to arbitrary...

PT-2022-19188 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364 Description: A cross-site scripting issue exists in the videoAddNew functionality, allowing arbitrary Javascript execution through a specially-crafted HTTP request. This can be triggere...

Shopify: Cross-site scripting on api.collabs.shopify.com

Summary: Shopify collabs collabs.shopify.com is a new platform for content creators / influencers to discover and advertise the millions of brands of Shopify. The content creators can apply for different brands on this platform and get paid affiliate marketing. I discovered a cross-site scripting...

CVE-2022-38192

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...

WWBN AVideo image403 cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2022-1539 WWBN AVideo image403 cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-30690 SUMMARY A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

Esri Portal for ArcGIS 跨站脚本漏洞

Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal for ArcGIS, which stems from a stored cross-site scripting XSS vulnerability...

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from the presence of an insecure default file type filtering policy that allows execution of insecure JavaScript in deployed applications...

Cross site scripting

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the...

CVE-2022-35697 AEM File Upload Security Issue leading to RXSS

Adobe Experience Manager Core Components version 2.20.6 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2021-46678

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...

CVE-2021-46680

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field...

CVE-2021-46680

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field...

CVE-2021-46677

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field...

CVE-2021-46677

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field...