5004 matches found
CVE-2021-24205
The CVE applies to the Elementor Website Builder WordPress plugin (before 3.1.4). The icon box widget’s title_size parameter can be exploited by a user with Contributor+ permissions via a modified save_builder request, enabling stored XSS because the JavaScript is not filtered/escaped and execute...
CVE-2021-24159
CVE-2021-24159 affects the WordPress plugin “Contact Form 7 Style” up to version 3.1.9. The issue stems from a lack of sanitization and nonce protection on the plugin’s custom CSS feature, enabling a CSRF attack that can cause the CSS settings to inject malicious JavaScript into a site. Exploitat...
CVE-2021-24162
CVE-2021-24162 describes a CSRF to settings update in the Reponsive Menu WordPress plugin (free and Pro) prior to version 4.0.4. An attacker could craft a request to trick an administrator into importing new settings, which could be modified to include malicious JavaScript and enable site infecti...
Cross site scripting
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diagvalues.html Stored XSS via the ITEMLISTVALUESITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...
Devolutions Remote Desktop Manager 跨站脚本漏洞
Devolutions Remote Desktop Manager is a remote desktop management tool that centralizes all remote connections on a platform that is securely shared between users and across teams. A cross-site scripting vulnerability exists in webviews in Devolutions Remote Desktop Manager versions prior to...
CVE-2021-21418
psemailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1...
Race condition
psemailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1...
CVE-2021-21418
CVE-2021-21418 concerns the PrestaShop module ps_emailsubscription . A cross‑site scripting (XSS) vulnerability exists where an employee can inject JavaScript into the newsletter condition field, which is then executed on the front office. The issue has been fixed in module version 2.6.1 .
Security Advisory - JavaScript Injection Vulnerability in Huawei Smartphone
There is a JavaScript injection vulnerability in Huawei smartphone. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending malicious application request to launch JavaScript injection. This may compromise normal service. Vulnerability ID:...
Progi1984 ps_emailsubscription 跨站脚本漏洞
Progi1984 psemailsubscription is Progi1984 an open source application. Provides an e-mail form. A security vulnerability exists in psemailsubscription that stems from the ability to inject javascript into the newsletter conditional field...
CVE-2021-20518
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437...
Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2021-24250)
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions prior to Rocket.Chat 3.11, 3.10.5, 3.9.7, and 3.8.8 that allows remote attackers to inject arbitrary JavaScript into messages...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-end" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-end p1-end & p2-end end XSS...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
CVE-2021-20683
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20681
Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20683
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
Input validation
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...