WordPress 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress WP Sitemap Page plugin has a cross-site scripting vulnerability in versions prior to 1.7.0, which stems from ...

WordPress YouTube plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress YouTube plugin before version 1.4 has a cross-site scripting vulnerability that stems from a lack of checksum filtering ...

Cross-site Scripting in PiranhaCMS

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

GHSA-JVJP-VH27-R9H5 Cross-site Scripting in PiranhaCMS

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Redis Labs Redis 跨站脚本漏洞

Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A cross-site scripting vulnerability exists in ASRedis versions prior to 0.5, which can be exploited ...

Shopware 跨站脚本漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware in versions prior to 5.7.6 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept - I downloaded this module...

GHSA-W7X8-CQ7R-G5G9 Cross Site Scripting in Microweber

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

CVE-2021-25977

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Design/Logic Flaw

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

CVE-2021-25977 Piranha CMS - Stored XSS in Page Title

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

CVE-2021-25977 Piranha CMS - Stored XSS in Page Title

In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...

Akaunting 跨站脚本漏洞

Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...

Cross-site scripting vulnerability in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content...

McAfee Epolicy Orchestrator 跨站脚本漏洞

McAfee Epolicy Orchestrator McAfee Epo is a U.S.-based solution for managing endpoint, network, data security, and compliance. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator that originates from an attacker being able to trigger cross-site scripting in McAfee ePO in...

McAfee Epolicy Orchestrator 跨站脚本漏洞

McAfee Epolicy Orchestrator McAfee Epo is a U.S.-based solution for managing endpoint, network, data security, and compliance. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator, which can be exploited by an attacker to run JavaScript code in the context of a Web site...

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

Cross site scripting

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...

CVE-2021-33988

Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...