WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field
The Admin Columns WordPress plugin allowed users to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed choosing an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns. When a "Custom...
IBM WebSphere eXtreme Scale Cross-Site Scripting Vulnerability
IBM WebSphere eXtreme Scale is a resilient, highly scalable in-memory data grid from IBM USA. It can provide predictable responsiveness to meet exponential demands on data. A cross-site scripting vulnerability exists in IBM WebSphere eXtreme Scale Liberty, which stems from a lack of proper validati...
Cross site scripting
The add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack...
Hundred Plus 101EIP Cross-Site Scripting Vulnerability
The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan-based Hundred Plus Corporation that has been optimized by gathering the experience of many enterprises. 101EIP suffers from a cross-site scripting vulnerability that stems from the calendar add event feature...
Postbird 0.8.4 - Javascript Injection Exploit
Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...
Gris CMS Cross-Site Scripting Vulnerability
Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...
OpenWrt LuCI Web Interface Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for the OpenWrt Linux distribution. A cross-site scripting vulnerability in the web interface of OpenWrt LuCI version 19.07 allows attackers to inject arbitrary JavaScript into OpenWrt hostnames via a hostname change operation...
Mediat Cross-Site Scripting Vulnerability
Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...
Mediat Cross-Site Scripting Vulnerability
Mediat is a responsive media CMS. A cross-site scripting vulnerability exists in Mediat version 1.4.1, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to inject malicious JavaScript code to steal user credentials...
Cross-site Scripting (XSS)
vrana/adminer is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser via a link argument in the function doclink...
WordPress plugin cross-site scripting vulnerability (CNVD-2021-37282)
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the Store...
CVE-2021-29503
HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...
Cross site scripting
HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...
CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes
HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...
Cross-site scripting in jspdf
Overview: In jspdf before version 2.0.0 it is possible to inject JavaScript code via the html method. Recommendation: Upgrade to version 2.0.0 or later. References: CVE, GitHub Advisory...
CVE-2021-24290
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...
CVE-2021-24290
Store Locator Plus for WordPress (plugin) versions up to 5.5.15 are affected by an unauthenticated stored cross-site scripting (XSS) vulnerability. The CVE describes multiple endpoints that could allow an attacker to inject malicious JavaScript into pages. Affected component: the WordPress plugin...
CVE-2019-14827
A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...
Design/Logic Flaw
A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...