
5956 matches found

Tenable Nessus
added 2022/03/08 12:0 a.m., 34 views

Mozilla Firefox ESR < 91.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-11 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts,...

CVSS 9.6, AI score 7.6, EPSS 0.00931
Exploits: 4, References: 6

ATTACKERKB
added 2022/03/03 10:15 p.m., 4 views

CVE-2022-23710

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVSS 6.1, AI score 6.5, EPSS 0.00741
Exploits: 0, References: 3

CNNVD
added 2022/02/28 12:0 a.m., 4 views

MaxSite CMS cross-site scripting vulnerability

MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project. MaxSite CMS has a cross-site scripting vulnerability, the vulnerability stems from the lack of parameters in the management file f the user-supplied data and output data validation filter, an attacker...

CVSS 5.4, AI score 5.6, EPSS 0.00485
Exploits: 1, References: 2

CNNVD
added 2022/02/28 12:0 a.m., 5 views

Ice Hrm cross-site scripting vulnerability

Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied data and output data in the key and fm parameters in the component login.php. An attacker could exploit this...

CVSS 6.1, AI score 5.5, EPSS 0.00705
Exploits: 1, References: 2

CNNVD
added 2022/02/28 12:0 a.m., 5 views

WordPress cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress EditableTable plugin versions prior to 0.1.4 have a cross-site scripting vulnerability that stems from the...

CVSS 4.8, AI score 5.7, EPSS 0.00588
Exploits: 2, References: 2

CNNVD
added 2022/02/28 12:0 a.m., 7 views

WordPress plugin Testimonial cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to clean and escape...

CVSS 6.1, AI score 5.3, EPSS 0.00853
Exploits: 2, References: 4

NVD
added 2022/02/25 9:15 a.m., 24 views

CVE-2022-24948

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users...

CVSS 6.1, EPSS 0.02217
Exploits: 0, References: 2

CNNVD
added 2022/02/24 12:0 a.m., 5 views

BloofoxCms cross-site scripting vulnerability

BloofoxCms is a PHP-based text content management system from alexlang24 personal developer. bloofoxCMS suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the file and type parameters in index.php. An attacker...

CVSS 5.4, AI score 5.5, EPSS 0.00479
Exploits: 1, References: 2

Vulnrichment
added 2022/02/23 11:50 p.m., 7 views

CVE-2022-24708 Stored XSS vulnerability in anuko/timetracker

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...

CVSS 6.5, AI score 6.4, EPSS 0.00544
Exploits: 0, References: 2

ATTACKERKB
added 2022/02/21 11:0 a.m., 5 views

CVE-2021-46678

An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...

CVSS 6.1, AI score 6.4, EPSS 0.00314
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/02/21 11:0 a.m., 5 views

CVE-2021-46679

An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements...

CVSS 6.1, AI score 6.4, EPSS 0.00314
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/02/21 11:0 a.m., 4 views

CVE-2021-46677

An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field...

CVSS 6.1, AI score 6.4, EPSS 0.00314
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/02/21 11:0 a.m., 4 views

CVE-2021-46676

An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field...

CVSS 6.1, AI score 6.4, EPSS 0.00334
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2022/02/21 11:0 a.m., 6 views

CVE-2021-46681

An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

CVSS 6.1, AI score 6.4, EPSS 0.00334
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2022/02/21 12:0 a.m., 6 views

WordPress Survey Maker cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Survey Maker plugin 2.0.6 and previous versions have a cross-site scripting vulnerability, which can be exploited by attacke...

CVSS 6.1, AI score 5.4, EPSS 0.0082
Exploits: 1, References: 4

Huntr
added 2022/02/19 1:6 p.m., 30 views

Cross-site Scripting (XSS) - Stored

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. I used &10 Line Feed character in the href attribute of tag to bypass th...

CVSS 3.5, AI score 1, EPSS 0.01343
Exploits: 1

OSV
added 2022/02/19 1:15 a.m., 8 views

CVE-2022-25256

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfsrequestbacklabellist and saspfsrequestbackurllist. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing...

CVSS 6.1, AI score 5.5, EPSS 0.01154
Exploits: 0, References: 3

CNNVD
added 2022/02/19 12:0 a.m., 4 views

Sas Institute Sas Web Report Studio cross-site scripting vulnerability

Sas Institute Sas Web Report Studio is a web application from Sas Institute, Inc. It is used to view, interact with, create, and distribute public and private reports. A cross-site scripting vulnerability exists in Sas Institute Sas Web Report Studio, which stems from Do having two parameters:...

CVSS 6.1, AI score 5.9, EPSS 0.01154
Exploits: 0, References: 5

Snyk
added 2022/02/16 2:53 p.m., 5 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. PoC js const postLoader = require'post-loader' var payload =...

CVSS 9.8, AI score 7.3, EPSS 0.01957
Exploits: 1, References: 2

CNNVD
added 2022/02/15 12:0 a.m., 4 views

Jenkins plugin cross-site scripting vulnerability

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. The Jenkins Team Views Plugin has a cross-site scripting vulnerability. This vulnerability allows an attacker to execute JavaScript code on the client side...

CVSS 5.4, AI score 5.5, EPSS 0.0077
Exploits: 0, References: 5