WordPress plugin SVG Support 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress SVG Support plugin in versions prior to 2.3.20 suffers from a cross-site scripting vulnerability, which stems from a lack of data validation filtering of user-supplied data and output...

Emlog 跨站脚本漏洞

Emlog is a PHP and MySQL-based CMS website builder from Emlog personal developers. Emlog suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could use this vulnerability to execute JavaScript code ...

多款Apple产品安全漏洞

Apple tvOS and others are products of Apple Inc. in the U.S. Apple tvOS is a smart TV operating system. apple watchOS is a smart watch operating system. apple macOS Monterey is the 18th major version of macOS, the operating system used for the Macintosh desktop. A security vulnerability exists in...

ForestBlog 跨站脚本漏洞

ForestBlog is an application. A personal blog. ForestBlog suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the Code Snippets plugin for WordPress prior to 2.14.3,...

WordPress plugin 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. a cross-site scripting vulnerability exists in versions of WordPress prior to myCred plugin 2.4, which...

U.S. Dept Of Defense: Reflected XSS at https://█████ via "██████████" parameter

There is Reflected Cross site scripting issue at the following url: https://█████ Proof Of Concept https://████████?█████=%22onfocus%3d%22alertdocument.domain%22autofocus%3d%22&█████████████████████=Search ████ Best Regards @pelegn Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing...

Cross-site Scripting (XSS) - Reflected in mermaid-js/mermaid-live-editor

Description There is a reflected XSS vulnerability in Mermaid v8.13.9 Live Editor. It is fixed in Mermaid develop Branch - Proof of Concept Open following link: \ \ \ \ Or copy & paste following in Mermaid v8.13.9 Live Editor: classDiagram class Duck +String beakColor +swim +quack Impact Execute...

Mitsubishi Electric MC Works64 跨站脚本漏洞

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. Mitsubishi Electric MC Works64 suffers from a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied data and output. An attacker could exploi...

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited to run JavaScript in the context of the...

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Modern Events Calendar Lite plugin in versions prior to 6.2.0 suffers from a cross-site scripting...

Cross-site Scripting (XSS) - Stored in crater-invoice/crater

Description There is a vulnerability in the upload avatar functionality of crater invoice which would allow an attacker to upload malicious .SVG files in order to execute Javascript. All that is required is that the victim browse to the link location of the .SVG file Proof of Concept xss.svg:...

CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

Caldera 跨站脚本漏洞

A cross-site scripting vulnerability exists in version 2.8.1 of Caldera, a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices, which stems from a lack of effective filtering and escaping of user-submitted paramete...

Mozilla Firefox 安全特征问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security signature issue vulnerability exists in Mozilla Firefox due to an error in the implementation of the iframe sandbox when processing XSLT markup. A remote attacker can bypass the iframe sandbox and execute...

WordPress插件跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...

MediaWiki 跨站脚本漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in MediaWiki, which stems from a failure of the...

CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

CVE-2022-21662 Stored XSS in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...

PT-2022-1813 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to insufficient access controls in Microsoft Edge, allowing a remote attacker to elevate privileges in the system. This can enable the execution o...