CVE-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

Adobe Magento Cross-Site Scripting Vulnerability (CNVD-2021-13923)

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

Adobe Magento Cross-Site Scripting Vulnerability (CNVD-2021-13918)

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

CVE-2020-22841

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

CVE-2020-22841

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

Cross site scripting

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

CVE-2020-22841

CVE-2020-22841 concerns a Stored XSS vulnerability in b2evolution CMS versions up to and including 6.11.6 . The flaw arises in the plugin module’s plugin name input field , where malicious JavaScript can be stored and later executed by other users. Public references document this as a stored XSS ...

Adobe Magento 跨站脚本漏洞

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

ExpressionEngine: Stored XSS filter bypass on discussion forum.

A vulnerability was identified and fixed that could have allowed attackers to bypass the XSS filter in the discussion forum, enabling arbitrary JavaScript execution in the victim's browser...

Pryaniki Cross-Site Scripting Vulnerability

Pryaniki is a website building system for building a corporate communication platform from the Russian company Pryaniky. The platform is used for organizing communication within the company, motivational planning, idea management projects and other business processes. Pryaniki 6.44.3 suffers from...

U.S. Dept Of Defense: Self stored Xss + Login Csrf

Description: User can set username between 8-20 alphanumeric characters, but with the help of inspect element attacker can manipulate ██████= & can insert a xss payload resulting in self stored xss & with the help of login csrf attacker can force the victim into attacker's account causing...

Apple iOS Input Validation Error Vulnerability

Apple iOS and others are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system.Apple watchOS is a smart watch operating system. A security vulnerability exists in a number of Apple products, which arises from the handling of...

CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter...

CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter...

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...

CVE-2020-13563

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

Cross site scripting

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter...

Cross site scripting

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...