5006 matches found
Cross-site Scripting (XSS)
yiisoft/yii2-gii is vulnerable to cross-site scripting. The vulnerability exists in the rules function of Generator.php due to a lack of proper validation rules for enableI18N and messageCategory which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
ms-mcms is vulnerable to cross-site scripting. The vulnerability exists due to the manipulation of contenttitle argument in search.do which allows an attacker to inject and execute malicious JavaScript...
Planet Enterprises Planet eStream Cross-Site Scripting Vulnerability
Planet Enterprises Planet eStream is a very simple and secure tool from Planet Enterprises, Inc. It can make video more accessible to students and staff at all levels of education. A cross-site scripting vulnerability exists in Planet Enterprises Planet eStream versions prior to 6.72.10.07, which...
Lansweeper Cross-Site Scripting Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A security vulnerability exists in Lansweeper version 10.1.1.0, which stems from the presence of stored cross-site scripting, where a special...
Lansweeper Cross-Site Scripting Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A security vulnerability exists in Lansweeper version 10.1.1.0. An attacker can exploit the vulnerability to inject arbitrary JavaScript code...
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists in the sanitise function of HTMLEditorSanitiser.php because of using white space characters in HTMLEditor which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists in the sanitise function of HTMLEditorSanitiser.php because of uppercase characters in HTMLEditor which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
Silverstripe is vulnerable to cross-site scripting. The vulnerability exists in $allowedextensions array of File.php because of uploading .gpx files which allows an attacker to inject and execute malicious JavaScript...
Ecommerce 1.0 Cross Site Scripting / Open Redirect
Title: Ecommerse-1.0 XSS-Reflected Hijack-credentials - JavaScript Injection Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
Cross-site Scripting (XSS)
Concrete CMS is vulnerable to cross-site scripting. The vulnerability exists due to unsanitized outputs in the pagereport.php, allowing an attacker to inject and execute malicious JavaScript...
WordPress plugin Follow Me Plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Follow Me Plugin 3.1.1 and...
Cross-Site Scripting (XSS)
github.com/phachon/mm-wiki is vulnerable to cross-site scripting. The vulnerability exists in the create new space page when sending a POST because the inputs are not properly sanitized which allows an attacker to inject and execute JavaScript...
IBM Cloud Pak for Security Cross-Site Scripting Vulnerability
IBM Cloud Pak for Security is an application from International Business Machines (IBM), Inc., an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster. IBM Cloud Pak for Security has a security vulnerability th...
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical severity. It is possible to inject JavaScript (XSS) in the content type entries "name" and "short name". To exploit this, one must already have permission to edit content types, which limits it in many cases to people who are already administrators. However, please verify which users have...
CVE-2022-31688
VMware Workspace ONE Assist prior to 22.10 contains a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window...
PT-2022-24950 · Unknown · Octocat.Js
Name of the Vulnerable Software and Affected Versions: octocat.js versions prior to 1.2 Description: The issue concerns JavaScript injection via user-provided URLs. Users can include their own images for accessories via provided URLs, which are not validated, resulting in the potential execution ...
Cross-site Scripting (XSS)
github.com/eolinker/apinto-dashboard is vulnerable to cross-site scripting (XSS) attacks. A remote authenticated attacker is able to inject and execute malicious JavaScript on the victim's machine via the argument callbacks in the /login file...