PT-2022-22318 · Synel +1 · Eharmony +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to inject HTML or JavaScript code into a vulnerable input field. To reach the vulnerable input, an attacker would navigate to Workers worker nickname, and...
CVE-2022-34768
Insert HTML / JS code inside input. How to get to the vulnerable input: Workers, worker nickname, inject in this input the code...
CVE-2022-36967
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to...
Progress WS_FTP Server Cross-Site Scripting Vulnerability
Progress WS_FTP Server is an effective and highly manageable FTP server from Progress. A security vulnerability exists in Progress WS_FTP Server versions prior to 8.7.3: a remote attacker can use its web management interface to inject arbitrary JavaScript into a WS_FTP...
Cross-site Scripting (XSS)
github.com/velocidex/velociraptor is vulnerable to cross-site scripting. The vulnerability exists in multiple functions in artifacts/syntax.js because variables are not properly escaped in the artifact collection report, which allows an attacker to inject and execute malicious JavaScript...
PT-2022-20920 · Ibm · Ibm Datapower Gateway
Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 10.0.1.0 through 10.0.1.8; IBM DataPower Gateway versions 10.0.2.0 through 10.0.4.0; IBM DataPower Gateway version 10.5.0.0; IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.21. Description: This issue...
CVE-2022-35630
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2...
Cross-site Scripting (XSS)
fava is vulnerable to cross-site scripting. The vulnerability exists because of the lack of escaping error messages in errors.html, allowing an attacker to inject and execute malicious javascript through the malicious verbatim parameters...
Cross-site Scripting (XSS)
fava is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the querystring parameters of Query.svelte, allowing an attacker to inject and execute malicious javascript...
PT-2022-16328 · WordPress · Inspiro Pro
Name of the Vulnerable Software and Affected Versions: Inspiro PRO WordPress plugin (affected versions not specified). Description: The issue allows users with privileges as low as Contributor to inject JavaScript into the portfolio slider description due to a lack of sanitization. This can lead to...
Atlassian Jira Confluence Server and Data Center Cross-Site Scripting Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Confluence Server and Data Center, which originates in the Livesearch macro that allows remot...
CVE-2022-22999
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
Cross site scripting
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
markdown-it-decorate Cross-Site Scripting Vulnerability
markdown-it-decorate, by Rico Sta. Cruz, an individual developer in Australia, is used to add attributes, IDs, and classes to Markdown. A security vulnerability exists in markdown-it-decorate, which can be exploited by an attacker to add the event handler javascript:xxx for links...
PT-2022-15769 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud devices (affected versions not specified). Description: The issue allows a malicious user with elevated privileges to construct and inject JavaScript payloads into an authenticated user's browser, potentially gaining...
Inspiro Premium < 7.2.3 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. PoC steps to reproduce: 1. As a Contributor, go to portfolio on the dashboard and add a new item. 2. On the editing page that comes up, scroll...
PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability
The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...
Cross site scripting
IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430...
Cross-Site Scripting (XSS)
mediawiki is vulnerable to cross-site scripting. The vulnerability exists in the showSuccessPage function in SpecialCreateAccount.php because the username is not properly escaped, which allows an attacker to inject and execute JavaScript...
Improper Link Input Validation leads to Cross-site Scripting (XSS)
Description: The link input validation does not filter the javascript protocol in the href attribute. It allows attackers to inject malicious links into many fields of the website, such as author introduction, user summary, and book description, ... which could execute JavaScript code (XSS). Proof of Concept...