
5053 matches found

NVD
added 2023/03/06 7:15 a.m. · 13 views

CVE-2023-22856

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...

CVSS 8.5 · AI score 7.8 · EPSS 0.00317
Exploits: 0 · References: 1
Vulnrichment
added 2023/03/06 6:26 a.m. · 6 views

CVE-2023-22857 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...

CVSS 8.5 · AI score 6.3 · EPSS 0.00261
Exploits: 0 · References: 1
Vulnrichment
added 2023/03/06 6:23 a.m. · 5 views

CVE-2023-22856 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...

CVSS 8.5 · AI score 6.3 · EPSS 0.00317
Exploits: 0 · References: 1
CNNVD
added 2023/03/06 12:0 a.m. · 3 views

BlogEngine Cross-Site Scripting Vulnerability

BlogEngine is an open source ASP.NET blog system. The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploits this vulnerability to inject arbitrary JavaScript in the secure environment of a blog visitor by...

CVSS 8.5 · AI score 5.9 · EPSS 0.00261
Exploits: 0 · References: 2
Positive Technologies
added 2023/03/06 12:0 a.m. · 3 views

PT-2023-18732 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0
Description: A stored Cross-site Scripting (XSS) vulnerability allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...

CVSS 8.5 · AI score 5.5 · EPSS 0.00261
Exploits: 0 · References: 7
Veracode
added 2023/03/02 2:44 a.m. · 18 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the GDPR export email address input, which allows an attacker to inject and execute arbitrary JavaScript into the system...

CVSS 5.4 · AI score 5.5 · EPSS 0.00017
Exploits: 1 · References: 4 · Affected Software: 1
RedHat Linux
added 2023/03/01 10:2 p.m. · 5 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9 · AI score 6.5 · EPSS 0.02456
Exploits: 7 · References: 5
RedHat Linux
added 2023/03/01 9:45 p.m. · 2 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9 · AI score 6.5 · EPSS 0.02456
Exploits: 7 · References: 5
Positive Technologies
added 2023/02/28 12:0 a.m. · 2 views

PT-2023-21055 · Git +1 · Opencats

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper neutralization of input during web page generation. This allows an unauthenticated attacker to submit malicious Javascript a...

CVSS 6.1 · AI score 6.1 · EPSS 0.03013
Exploits: 1 · References: 5
Veracode
added 2023/02/27 12:16 p.m. · 29 views

Reflected Cross-site Scripting (XSS)

generator-hottowel is vulnerable to Reflected Cross-site Scripting (XSS) attacks. The library does not properly handle invalid calls to assets as it uses a custom 404 response object, allowing an attacker to inject and execute JavaScript through the app.use function in app/templates/src/server/app....

CVSS 6.1 · AI score 2.1 · EPSS 0.00246
Exploits: 0 · References: 5 · Affected Software: 1
Rapid7 Blog
added 2023/02/24 8:8 p.m. · 47 views

Metasploit Wrap-Up

Basic discover script improvements This week two improvements were made to the script/resource/basicdiscovery.rc resource script. The first update from community member samsepi0x0 allowed commas in the RHOSTS value, making it easier to target multiple hosts. Additionally, adfoster-r7 improved the...

AI score 8.8 · EPSS 0.9294
Exploits: 21
Veracode
added 2023/02/22 8:59 a.m. · 21 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in instances.php due to missing sanitization to escape newly added values which allows an attacker to inject and execute JavaScript...

CVSS 8.3 · AI score 5.3 · EPSS 0.00328
Exploits: 0 · References: 5 · Affected Software: 2
Vulnrichment
added 2023/02/21 1:51 p.m. · 9 views

CVE-2023-25928 IBM InfoSphere Information Server cross-site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646...

CVSS 4.6 · AI score 5.2 · EPSS 0.00377
Exploits: 0 · References: 2
Vulnrichment
added 2023/02/21 8:51 a.m. · 4 views

CVE-2023-0442 Loan Comparison < 1.5.2 - Reflected XSS via shortcode

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL...

AI score 6 · EPSS 0.00199
Exploits: 2 · References: 1
CVE
added 2023/02/21 8:51 a.m. · 47 views

CVE-2023-0442

CVE-2023-0442 affects the WordPress plugin Loan Comparison up to version 1.5.2 (pre-1.5.3). Root cause: the plugin does not validate and escape certain query parameters before echoing them in pages/posts via the embedded shortcode, enabling reflected XSS through a crafted URL. Impact: attacker co...

CVSS 6.1 · AI score 6.1 · EPSS 0.00199
Exploits: 2 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/02/21 12:0 a.m. · 8 views

PT-2023-16628 · WordPress · Japanized For Woocommerce

Name of the Vulnerable Software and Affected Versions: Japanized For WooCommerce plugin for WordPress versions up to, and including, 2.5.4 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This...

CVSS 6.1 · AI score 6.2 · EPSS 0.24611
Exploits: 3 · References: 7
SUSE CVE
added 2023/02/15 6:7 a.m. · 3 views

SUSE CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files...

CVSS 7.5 · AI score 8.1 · EPSS 0.03972
Exploits: 1 · References: 4
SUSE CVE
added 2023/02/15 5:45 a.m. · 4 views

SUSE CVE-2012-3508

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email...

CVSS 4.3 · AI score 6 · EPSS 0.08093
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:51 a.m. · 2 views

SUSE CVE-2017-5010

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

CVSS 6.1 · AI score 8.6 · EPSS 0.0041
Exploits: 1 · References: 5
SUSE CVE
added 2023/02/15 4:46 a.m. · 2 views

SUSE CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...

CVSS 6.1 · AI score 8.3 · EPSS 0.00633
Exploits: 0 · References: 4