5006 matches found
GHSA-X7R7-WMJ8-VV5G Cross-site Scripting in OctoPrint
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for JavaScript injection, which may lead to account takeover in a phishing scenario...
GHSA-FJ26-Q4VH-85F6 MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component...
MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component...
GHSA-3X76-J3JJ-439J MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component...
MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component...
CVE-2021-27442
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code...
Fake reCAPTCHA forms dupe users via compromised WordPress sites
Researchers at Sucuri investigated a number of WordPress websites complaining about unwanted redirects and found websites that use fake CAPTCHA forms to get the visitor to accept web push notifications. These websites are a new wave of a campaign that leverages many compromised WordPress sites...
GHSA-7JG2-JGV3-FMR4 Malicious PDF can inject JavaScript into PDF Viewer
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8, Firefox 60 and...
GHSA-R69C-5J7C-VM6Q Cross-site Scripting in Jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
CVE-2021-39024
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Microweber vulnerable to cross-site scripting (XSS)
Microweber is a drag and drop website builder and a powerful next generation CMS. Microweber versions 1.2.15 and prior are vulnerable to cross-site scripting. This could lead to injection of arbitrary JavaScript code, defacement of a page, or stealing cookies. A patch is available on the master...
CVE-2022-25781
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject JavaScript or HTML into logged in user session...
Microweber Cross-Site Scripting Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which allows an...
Secomea GateManager Cross-Site Scripting Vulnerability
Secomea GateManager is a remote access server product from the Danish company Secomea. Security vulnerabilities exist in versions prior to Secomea GateManager 9.7, which can be exploited by attackers to inject JavaScript or HTML into a logged-in user session...
CVE-2021-43932
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
Code injection
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
Cross-Site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists because the attributes have not been sanitized properly, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
element-plus is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the popperContent parameter in the renderContent function, allowing an attacker to inject and execute malicious JavaScript via el-table-column...
CVE-2022-1027
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject JavaScript code to its settings, leading to stored Cross-Site Scripting that will only affect administrator users...