
5057 matches found

Prion
added 2024/02/02 7:15 p.m. | 13 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in the application session or in database, via remote injection, while rendering content in a web page...

5.8 CVSS | 6.2 AI score | 0.0012 EPSS
Exploits 0 | References 1 | Affected Software 1

Github Security Blog
added 2024/01/30 8:57 p.m. | 17 views

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...

8.2 CVSS | 6.3 AI score | 0.00496 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/01/30 8:57 p.m. | 18 views

GHSA-RV8P-RR2H-FGPG @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this...

8.2 CVSS | 6.8 AI score | 0.00496 EPSS
Exploits 0 | References 4

Github Security Blog
added 2024/01/30 8:57 p.m. | 19 views

react-query-streamed-hydration Cross-site Scripting vulnerability

Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...

8.2 CVSS | 6.3 AI score | 0.00496 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/01/30 8:57 p.m. | 15 views

GHSA-997G-27X8-43RF react-query-streamed-hydration Cross-site Scripting vulnerability

Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...

8.2 CVSS | 6.8 AI score | 0.00496 EPSS
Exploits 0 | References 4

CVE
added 2024/01/29 2:44 p.m. | 46 views

CVE-2023-5124

The CVE-2023-5124 issue affects Page Layer (Pagelayer) Page Builder for WordPress up to version 1.7.9. The vulnerability allows an attacker with Author+/Administrator privileges to inject malicious JavaScript into a post’s header/footer code, even when unfiltered_html is disallowed (notably in mu...

4.8 CVSS | 5.3 AI score | 0.00126 EPSS
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2024/01/29 12:0 a.m. | 3 views

WordPress plugin Page Builder: Pagelayer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...

4.8 CVSS | 6.8 AI score | 0.00126 EPSS
Exploits 2 | References 2

Packet Storm
added 2024/01/29 12:0 a.m. | 258 views

PHPJ Callback Widget 1.0 Cross Site Scripting

Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking Author: nu11secur1ty Date: 01/26/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/callback-widget/ Reference: https://portswigger.net/web-security/cross-site-scripting Description: The Callback Requests functi...

7.4 AI score
Exploits 0

Tenable Nessus
added 2024/01/24 12:0 a.m. | 31 views

RHCOS 4 : OpenShift Container Platform 4.13.5 (RHSA-2023:4093)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4093 advisory. - kube-apiserver: PrivEsc CVE-2023-1260 - openshift: OCP & FIPS mode CVE-2023-3089 - golang: net/http, net/textproto: denial of...

9.8 CVSS | 6.8 AI score | 0.00759 EPSS
Exploits 0 | References 21

OSV
added 2024/01/23 6:15 p.m. | 2 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

6.1 CVSS | 5.8 AI score | 0.00193 EPSS
Exploits 2 | References 2

NVD
added 2024/01/23 6:15 p.m. | 10 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

6.1 CVSS | 6.2 AI score | 0.00193 EPSS
Exploits 2 | References 2

Prion
added 2024/01/23 6:15 p.m. | 17 views

Cross site scripting

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

5.8 CVSS | 6.9 AI score | 0.00193 EPSS
Exploits 2 | References 2 | Affected Software 1

CVE
added 2024/01/23 12:0 a.m. | 50 views

CVE-2023-45889

CVE-2023-45889 is a UXSS vulnerability in ClassLink OneClick Extension up to version 10.8, allowing remote injection of JavaScript into arbitrary web pages. The issue stems from an incomplete fix of CVE-2022-48612, as noted across multiple sources (including Red Hat and CVE entries). Affected sof...

6.1 CVSS | 6.2 AI score | 0.00193 EPSS
Exploits 2 | References 2 | Affected Software 1

Cvelist
added 2024/01/23 12:0 a.m. | 24 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

6.4 AI score | 0.00193 EPSS
Exploits 2 | References 2

Vulnrichment
added 2024/01/23 12:0 a.m. | 2 views

CVE-2023-45889

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

6.9 AI score | 0.00193 EPSS
Exploits 2 | References 2

VulnCheck KEV
added 2024/01/22 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2021-24290

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...

6.1 CVSS | 6.4 AI score | 0.03211 EPSS
Exploits 1 | References 1

CNNVD
added 2024/01/19 12:0 a.m. | 1 views

StrangeBee TheHive Security Vulnerability

TheHive is a scalable open source security incident response platform. A security vulnerability exists in StrangeBee TheHive versions 5.2.0 through 5.2.8. An attacker exploited the vulnerability to insert malicious JavaScript code into a template or its variables...

5.4 CVSS | 6.9 AI score | 0.00193 EPSS
Exploits 0 | References 2

NVD
added 2024/01/16 4:15 p.m. | 8 views

CVE-2022-3194

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

5.4 CVSS | 5.2 AI score | 0.00255 EPSS
Exploits 2 | References 1

Vulnrichment
added 2024/01/16 3:56 p.m. | 2 views

CVE-2023-4757 Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious JavaScript which could...

5.6 AI score | 0.0024 EPSS
Exploits 2 | References 1

Vulnrichment
added 2024/01/16 3:53 p.m. | 6 views

CVE-2022-3194 Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators...

5.2 AI score | 0.00255 EPSS
Exploits 2 | References 1