Cross site scripting
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting XSS through /admin/login.php in the background, which will lead to JavaScript code execution...
CVE-2022-26947
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...
OpenEMR Cross-Site Scripting Vulnerability
OpenEMR is an open source healthcare management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...
SourceCodester Microfinance Management System Cross-Site Scripting Vulnerability
SourceCodester Microfinance Management System is an application of SourceCodester, Inc. A cross-site scripting vulnerability exists in SourceCodester Microfinance Management System version 1.0, which stems from the program's lack of data validation and filtering for user-supplied data and output, which can...
WordPress plugin WooCommerce Affiliate Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WooCommerce Affiliate plugin version prio...
stored xss
Description: Stored XSS is a vulnerability in which the attacker can execute arbitrary JavaScript code in the victim's browser. The XSS payload is stored in a webpage and gets executed whenever someone visits that webpage. Proof of Concept: 1. A low-privilege user creates a page with the following...
OTRS Cross-Site Scripting Vulnerability
OTRS is a service management application from the German company OTRS. A cross-site scripting vulnerability exists in OTRS, which stems from the translator's lack of filtering and escaping for a small number of translatable strings, and can be exploited to execute JavaScript code by...
HexoEditor Cross-Site Scripting Vulnerability
HexoEditor is an open source Markdown (a markup language that can be written using a normal text editor) editor optimized for Hexo (a blogging framework). HexoEditor 1.1.8 contains a cross-site scripting vulnerability that can be exploited to place a common cross-site scripting payload into a...
accesslog Code Injection Vulnerability
accesslog is a simple generic/combined accesslog middleware from the individual developers at Starbuck Starfish in the United States. A security vulnerability exists in accesslog, which stems from a lack of filtering and escaping in the constructor. The vulnerability can be exploited to execute...
DEBIAN-CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...
UBUNTU-CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...
PT-2022-16835 · Unknown +3 · Ckeditor 4 +3
Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.18.0 Description: A vulnerability has been discovered in the core HTML processing module of CKEditor 4, which may affect all plugins used by the editor. This issue allows an attacker to inject malformed HTML,...
Mozilla Thunderbird < 91.7
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-12 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts,...
Mozilla: iframe allow-scripts sandbox bypass
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...
Oracle Linux 8 : thunderbird (ELSA-2022-0845)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0845 advisory. 91.7.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 91.7.0-2 - Update to 91.7.0 build2 91.7.0-1 - Upda...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Multisite Content Copier/Updater plugin...
Mageia: Security Advisory (MGASA-2022-0097)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...