5053 matches found

Prion
added 2023/04/06 4:15 p.m., 34 views

Design/Logic Flaw

Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...

7.5 CVSS, 9.4 AI score, 0.00759 EPSS
Exploits 0, References 5, Affected Software 1

Veracode
added 2023/04/04 12:52 p.m., 15 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in translationEditor.js, which allows an attacker to inject and execute arbitrary JavaScript into the system...

5.4 CVSS, 5.5 AI score, 0.00015 EPSS
Exploits 1, References 5, Affected Software 1

Veracode
added 2023/04/04 9:19 a.m., 42 views

Cross-Site Scripting (XSS)

ckeditor4 is vulnerable to Cross-Site Scripting (XSS) attacks. A web page with missing Content Security Policy configuration, initializing the editor on an element other than as a base, allows an attacker to inject and execute malicious JavaScript in the victim's browser...

6.1 CVSS, 5.8 AI score, 0.0054 EPSS
Exploits 0, References 7, Affected Software 2

0day.today
added 2023/03/30 12:0 a.m., 265 views

LISTSERV 17 - Reflected Cross Site Scripting Vulnerability

Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-3919...

6.1 CVSS, 6.4 AI score, 0.09973 EPSS
Exploits 4

NVD
added 2023/03/27 4:15 a.m., 12 views

CVE-2023-24839

HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...

6.1 CVSS, 6.1 AI score, 0.00404 EPSS
Exploits 0, References 1

Prion
added 2023/03/27 4:15 a.m., 16 views

Cross site scripting

HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...

5.8 CVSS, 6 AI score, 0.00404 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2023/03/27 12:0 a.m., 3 views

HGiga MailSherlock cross-site scripting vulnerability

Hgiga MailSherlock is an enterprise email auditing system from China Henderson Technology Hgiga. A cross-site scripting vulnerability exists in HGiga MailSherlock version 4.5, which stems from insufficient filtering of user input by a specific function. The vulnerability can be exploited to conduct...

6.1 CVSS, 5.9 AI score, 0.00404 EPSS
Exploits 0, References 2

Cvelist
added 2023/03/27 12:0 a.m., 12 views

CVE-2023-24839 HGiga MailSherlock - Reflected XSS

HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack...

6.1 CVSS, 6.2 AI score, 0.00404 EPSS
Exploits 0, References 1

Veracode
added 2023/03/22 5:38 a.m., 24 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in scheduler.js because it does not sanitize the HTML in the time field, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

4.8 CVSS, 5.4 AI score, 0.00015 EPSS
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2023/03/22 12:0 a.m., 1 view

PT-2023-20584 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server version 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

5.4 CVSS, 5.4 AI score, 0.00162 EPSS
Exploits 0, References 4

WPVulnDB
added 2023/03/20 12:0 a.m., 23 views

FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The plugin does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form which will trigger for any visitor to the form or admins previewing or editing the...

5.4 CVSS, 6 AI score, 0.00198 EPSS
Exploits 2, Affected Software 1

Veracode
added 2023/03/16 12:15 p.m., 13 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the SEO and Settings feature because it does not properly validate the HTML tags, which allows attackers to inject and execute malicious JavaScript into the browser...

2.3 AI score
Exploits 0, References 4, Affected Software 1

Veracode
added 2023/03/14 9:53 a.m., 26 views

Stored Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to adding a media segment in the videoThumbnailUpdateAction function in SettingsController.php, which allows an attacker to inject and execute JavaScript in the browser when viewing the video...

5.4 CVSS, 5.3 AI score, 0.00008 EPSS
Exploits 1, References 4, Affected Software 1

Veracode
added 2023/03/14 8:45 a.m., 18 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the getTabPanel function in admin.js, caused by the From and To fields when searching in the Application Logger module, which allows an attacker to inject and execute arbitrary JavaScript...

4.8 CVSS, 5.4 AI score, 0.00035 EPSS
Exploits 1, References 4, Affected Software 1

Tenable Nessus
added 2023/03/14 12:0 a.m., 22 views

Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...

6.1 CVSS, 5.7 AI score, 0.00334 EPSS
Exploits 0, References 4

Veracode
added 2023/03/13 1:32 a.m., 22 views

Cross-site Scripting (XSS)

sogo is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the NSString+Utilities.m of Mail Handler, allowing an attacker to inject and execute malicious JavaScript...

6.1 CVSS, 6 AI score, 0.0027 EPSS
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2023/03/10 12:0 a.m., 4 views

CVE-2023-0746 XSS Vulnerability in GigaVue-FM

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting...

6.3 CVSS, 6.3 AI score, 0.00335 EPSS
Exploits 0, References 1

CNNVD
added 2023/03/10 12:0 a.m., 3 views

iFAX AvantFAX cross-site scripting vulnerability

iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from a stored cross-site scripting (XSS) vulnerability that can...

5.4 CVSS, 5.6 AI score, 0.00747 EPSS
Exploits 1, References 3

CNVD
added 2023/03/09 12:0 a.m., 8 views

answer cross-site scripting vulnerability (CNVD-2023-31163)

answer is knowledge-based open source community software. You can use it to quickly build product technical support, customer support, user communication and other Q&A community. Answer versions prior to 1.0.6 have a cross-site scripting vulnerability that can be exploited by attackers to inject...

5.4 CVSS, 5.9 AI score, 0.0023 EPSS
Exploits 1, References 1

CNNVD
added 2023/03/07 12:0 a.m., 2 views

answer cross-site scripting vulnerability

answer is knowledge-based open source community software. You can use it to quickly build product technical support, customer support, user communication and other Q&A community. Answer versions prior to 1.0.6 have a cross-site scripting vulnerability that can be exploited by attackers to inject...

5.4 CVSS, 6.1 AI score, 0.0023 EPSS
Exploits 1, References 3