CVE-2022-39824
CVE-2022-39824 (Appsmith) : The provided documents confirm a server-side JavaScript injection vulnerability in Appsmith up to version 1.7.14, exploitable via the currentItem property of the list widget. The underlying issue allows remote attackers to run arbitrary JavaScript on the server, leadin...
CVE-2022-39824
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...
CVE-2022-38790
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...
CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
Code injection
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036
**Summary** CVE-2022-36036 affects the mdx-mermaid component, enabling arbitrary JavaScript injection by placing code into mermaid blocks. Versions affected: < 1.3.0 and
CVE-2022-34257 Adobe Commerce Stored XSS Arbitrary code execution
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2022-24654
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization of enddate parameter which allows a remote attacker to inject and execute malicious javascript into the system...
Intelbras ATA 200 cross-site scripting vulnerability
Intelbras ATA 200 is a VOIP line adapter for analog telephones from Intelbras, Brazil. It is intended to be integrated between telephone systems. A security vulnerability exists in Intelbras ATA 200 version 74.19.10.21, which originates from the storage of cross-site scripting in the "Field Serve...
PT-2022-16776 · Intelbras · Intelbras Ata 200
Name of the Vulnerable Software and Affected Versions: INTELBRAS ATA 200 Firmware version 74.19.10.21 Description: The issue is an authenticated stored cross-site scripting (XSS) vulnerability in the "Field Server Address" field. This allows attackers to inject JavaScript code through a crafted...
GHSA-65WF-QM95-6MHM ForkCMS XSS via `publish_on_date` parameter
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_date` parameter. This issue was patched in version 5.11.0...
GHSA-9HMC-87H4-W869 ForkCMS stored XSS via `start_date` parameter
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `start_date` parameter. This issue was patched in version 5.11.0...
CVE-2021-42751
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...
CVE-2021-42751
CVE-2021-42751 describes a cross-site scripting (XSS) flaw in ThingsBoard 3.3.1, where an attacker with administrative access can inject arbitrary JavaScript into the description of a rule node. The payload can execute in the editor when hovering over the node, as demonstrated by PoCs in Exploit-...
CVE-2022-35590
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...
CVE-2022-35589
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...