5053 matches found

NVD
added 2023/06/30 6:15 p.m. · 8 views

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 6.1 AI score · 0.00064 EPSS
Exploits 1 · References 1
OSV
added 2023/06/30 6:15 p.m. · 10 views

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 7.2 AI score
Exploits 0 · References 1
ATTACKERKB
added 2023/06/30 6:15 p.m. · 1 views

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 6.3 AI score · 0.00064 EPSS
Exploits 1 · References 2
UbuntuCve
added 2023/06/30 6:15 p.m. · 104 views

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 6.3 AI score · 0.00064 EPSS
Exploits 1 · References 2
OSV
added 2023/06/30 6:15 p.m. · 0 views

UBUNTU-CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 5.8 AI score · 0.00064 EPSS
Exploits 1 · References 3
OSV
added 2023/06/30 6:15 p.m. · 7 views

PYSEC-2023-93

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 7.2 AI score · 0.00064 EPSS
Exploits 1 · References 1
Prion
added 2023/06/30 6:15 p.m. · 13 views

Design/Logic Flaw

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

5.8 CVSS · 6.3 AI score · 0.00064 EPSS
Exploits 1 · References 1 · Affected Software 1
PyPA
added 2023/06/30 6:15 p.m. · 5 views

PYSEC-2023-93

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 7 AI score · 0.00064 EPSS
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/06/30 12:0 a.m. · 7 views

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

5.9 CVSS · 7.3 AI score · 0.00064 EPSS
Exploits 1 · References 1
Debian CVE
added 2023/06/30 12:0 a.m. · 14 views

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1 CVSS · 6.3 AI score · 0.00064 EPSS
Exploits 1
CNNVD
added 2023/06/30 12:0 a.m. · 4 views

Pacparser injection vulnerability

Pacparser is a library for parsing Proxy Autoconfiguration PAC files by the individual developer Manu Garg. A security vulnerability exists in versions of Pacparser prior to 1.4.2 that stems from allowing JavaScript injection when an attacker takes control of a URL and may allow privilege...

6.1 CVSS · 6.2 AI score · 0.00064 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-25930 · Pacparser +1 · Pacparser +1

Name of the Vulnerable Software and Affected Versions: Pacparser versions prior to 1.4.2 Description: The issue allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products. Recommendations: For...

6.1 CVSS · 6.2 AI score · 0.00064 EPSS
Exploits 1 · References 13
CVE
added 2023/06/30 12:0 a.m. · 34 views

CVE-2023-37360

Pacparser (Pacparser) before 1.4.2 is affected by CVE-2023-37360 through the function pacparser_find_proxy. The vulnerability arises when the attacker controls the URL, enabling JavaScript injection and potentially privilege escalation within enterprise security product scenarios. The provided ...

6.1 CVSS · 6.3 AI score · 0.00064 EPSS
Exploits 1 · References 1 · Affected Software 1
Huntr
added 2023/06/29 12:18 p.m. · 8 views

XSS Reflected via import file function

Description The application does import data from the file without cleaning the data inside before processing, resulting in javascript code that can be injected and triggered when the victim executes the function. Proof of Concept Step1: The attacker creates a .csv file containing a payload to...

6.6 AI score
Exploits 0
Positive Technologies
added 2023/06/29 12:0 a.m. · 4 views

PT-2023-25856 · Mediawiki +1 · Googleanalyticsmetrics +1

Name of the Vulnerable Software and Affected Versions: GoogleAnalyticsMetrics extension for MediaWiki versions through 1.39.3 Description: An issue was discovered in the googleanalyticstrackurl parser function, which does not properly escape JavaScript in the onclick handler and does not prevent...

9.8 CVSS · 6.2 AI score · 0.11025 EPSS
Exploits 27 · References 104
NVD
added 2023/06/23 7:15 p.m. · 13 views

CVE-2023-35156

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6 CVSS · 9.2 AI score · 0.10311 EPSS
Exploits 0 · References 7
NVD
added 2023/06/23 7:15 p.m. · 15 views

CVE-2023-35159

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6 CVSS · 9.3 AI score · 0.0428 EPSS
Exploits 0 · References 4
Prion
added 2023/06/23 7:15 p.m. · 20 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

5.8 CVSS · 6 AI score · 0.10311 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2023/06/23 6:19 p.m. · 18 views

CVE-2023-35156 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6 CVSS · 6 AI score · 0.10311 EPSS
Exploits 0 · References 9
OSV
added 2023/06/23 6:15 p.m. · 17 views

CVE-2023-35155 XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. For instance, the following URL execute an alter on the browser:...

8.8 CVSS · 6.3 AI score · 0.47027 EPSS
Exploits 1 · References 4