5006 matches found
CVE-2022-39054 COWELL INFORMATION SYSTEM CO., LTD. enterprise travel management system - Reflected XSS
Cowell enterprise travel management system has insufficient filtering for special characters within the web URL. An unauthenticated remote attacker can inject JavaScript and perform a Reflected Cross-Site Scripting (XSS) attack...
CVE-2022-39035 Smart eVision - Stored XSS
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack...
IBM Application Gateway Cross-Site Scripting Vulnerability
IBM Application Gateway is an application gateway from International Business Machines (IBM) that provides a containerized, secure Web reverse proxy designed to sit in front of your application, seamlessly adding authentication and authorization protection to your application. A cross-site...
Reflected Cross-Site Scripting (XSS)
com.liferay:com.liferay.fragment.renderer.collection.filter.impl is vulnerable to reflected cross-site scripting attacks. The library does not properly escape parameters with the filter prefix, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable microweber-templates/bootstrap5, microweber-templates/new-world and microweber-templates/shopmag dependencies used in composer.json, allowing an attacker to inject and execute malicious...
Cross-site Scripting (XSS)
smarty/smarty is vulnerable to cross-site scripting. The vulnerability exists because the smarty_function_mailto function of function.mailto.php does not properly escape the GET and POST input parameters, allowing an attacker to inject and execute malicious JavaScript...
Smarty Cross-Site Scripting Vulnerability
Smarty is a PHP-based template engine that facilitates the separation of presentation (HTML/CSS) from application logic. A security vulnerability exists in Smarty versions prior to 3.1.47, and 4.x versions prior to 4.2.1, which stems from the discovery of a cross-site scripting vulnerability...
CVE-2022-36778
Insert HTML / JS code inside an input. How to get to the vulnerable input: Workers, worker nickname, inject the code in this input...
jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method
A Cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
PT-2022-23187 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.0-rc-1 through 14.4-rc-1 Description: The issue allows storing JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment. For example, an attachment with name .jp...
PT-2022-24053 · Ftcms · Ftcms
Name of the Vulnerable Software and Affected Versions: ftcms version 2.1 Description: The issue allows an attacker to insert malicious JavaScript code into the web page, causing the user or administrator to trigger malicious code when accessing. This is a result of an XSS vulnerability in the...
CVE-2022-2941
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...
Cross site scripting
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...
CVE-2022-2941 WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...
PT-2022-19583 · WordPress · Wp-Useronline
Name of the Vulnerable Software and Affected Versions: WP-UserOnline plugin for WordPress versions up to, and including 2.88.0 Description: The issue is due to the lack of proper sanitization and escaping of user input in the "Naming Conventions" section, allowing authenticated attackers with...
Crime Reporting System Cross-Site Scripting Vulnerability
Crime Reporting System is an online crime reporting system by the individual developer Tedmar Enoria. A security vulnerability exists in the Crime Reporting System version 1.0 that could allow a remote attacker to introduce arbitrary JavaScript by manipulating unprocessed POST parameters...
CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
CVE-2022-39824
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...