XWiki Platform 安全漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions prior to 9.4-rc-1. An attacker can exploit this vulnerability to inject Javascript code into a page by forging a...

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject Javascript code into a page by forging a URL and trigger a cross-site...

Cross-Site Scripting (XSS)

kiwitcms is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of file content validation in the denyuploadscontainingscripttag function of validators.py, which allows an attacker to inject arbitrary JavaScript code into a victim's browser...

Home Assistant < 0.57 XSS Vulnerability

Home Assistant is prone to a cross-site scription XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross-Site Scripting (XSS)

phpmyfaq/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of html sanitization in the answer parameter which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVE-2023-2277

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

Cross site request forgery (csrf)

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

CVE-2023-28705

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it...

CVE-2023-2414

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...

CVE-2023-2414

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...

IBM Sterling Partner Engagement Manager 跨站脚本漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines IBM. A security vulnerability exists in IBM Sterling Partner Engagement Manager. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI. Affected...

PT-2023-18981 · Ibm · Ibm Sterling Partner Engagement Manager

Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager versions 6.1 through 6.2.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

CVE-2022-46165

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

Cross-Site Scripting (XSS)

com.liferay:com.liferay.dynamic.data.mapping.form.web is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing a remote authenticated attacker to inject and execute malicious JavaScript on victim's...

JStachio XSS vulnerability: Unescaped single quotes

Impact Description: JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html Set the value variable to ' onblur='alert1. java public class Escaping public static void mainString args Model model = ne...

CVE-2023-2405

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

CVE-2023-2301

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...

CVE-2023-2301

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...