5006 matches found
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
CVE-2022-23008
Summary: CVE-2022-23008 affects the NGINX Controller API Management software (versions 3.18.0–3.19.0). Vulnerability: An authenticated user with the user or admin role can access undisclosed API endpoints to inject JavaScript that runs on managed NGINX data plane instances. The Red Hat advisory c...
PT-2022-15775 · Nginx · Nginx Controller Api Management
Name of the Vulnerable Software and Affected Versions: NGINX Controller API Management versions 3.18.0 through 3.19.0 Description: An authenticated attacker with access to the user or admin role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is...
F5 Nginx Cross-Site Scripting Vulnerability
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. "user" or "admin" role access and authenticated attackers can use an...
CVE-2022-23045
PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS...
phpIPAM Cross-Site Scripting Vulnerability
phpIPAM is an open source IP address management (IPAM) application based on PHP and MySQL. phpIPAM v1.4.4 is vulnerable to cross-site scripting that stems from a lack of validation and filtering of user-supplied data and output data in the Site title parameter when updating site settings. ...
CVE-2020-28919
A stored cross-site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title...
Hospitals Patient Records Management System 1.0 - (room_list) Stored XSS Vulnerability
Exploit Title: Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS) Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Hospitals Patient Records Management System 1.0 Cross Site Scripting
Exploit Title: Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS) Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress 5.8.2 Stored XSS Vulnerability
WordPress is the world’s most popular content management system that, according to w3techs, is used by over 40% of all websites. This wide adoption makes it a top target for cyber criminals who seek to compromise high-traffic websites or infect as many web servers as possible. Its code is heavily...
Cross-site Scripting (XSS)
mvcbean-jsp-portlet-archetype is vulnerable to cross-site scripting. The library does not properly escape the user-supplied firstName and lastName parameters in greeting.jspx, allowing an attacker to inject and execute malicious JavaScript...
CVE-2021-43942
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (XSS) vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting...
OroPlatform Injection Vulnerability
OroPlatform is a PHP Business Application Platform (BAP) designed to make the development of custom business applications easier and faster. OroPlatform suffers from a security vulnerability that stems from the software's lack of effective filtering and escaping of JavaScript attributes. By sending...
Cross-site Scripting (XSS) - Stored in zikula/core
Description: When inputting a name for a module category, whether editing an existing one or adding a new one, you're able to inject your own JavaScript, leading to it being executed. An example payload that you can enter is: xss and then each time that you click the category to expand it, your...
Cross site scripting
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...
CVE-2021-38966
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357...
Cross-site Scripting (XSS)
epiphany is vulnerable to cross-site scripting. An attacker can exploit the vulnerability by getting a user to visit an XSS payload page often enough to place that page on the most visited list, and so inject and execute arbitrary JavaScript...
Fresenius Kabi Agilia Connect Infusion System Cross-Site Scripting Vulnerability
Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi. A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...
CVE-2021-44163
Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for a reflected cross-site scripting (XSS) attack without authentication...