CVE-2021-28420

CVE-2021-28420 is a cross-site scripting (XSS) vulnerability affecting Seo Panel 4.8.0. The issue allows remote attackers to inject JavaScript through alerts.php via the from_time parameter. Several connected sources (Red Hat CVE entry, OSV, CNVD, CVE lists, Exploit-DB) confirm the same flaw and ...

CVE-2021-28418

A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter...

CVE-2021-28418

CVE-2021-28418 describes a cross-site scripting (XSS) vulnerability in Seo Panel 4.8.0 that allows a remote attacker to inject JavaScript via the settings.php and the category parameter. Multiple connected sources corroborate the issue (NVD/OSV/CNVD/CVELIST, Exploit-DB). Exploit-DB references a r...

CVE-2021-28417

A cross-site scripting XSS issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "searchname" parameter...

CVE-2021-28417

CVE-2021-28417 describes a cross-site scripting (XSS) vulnerability in Seo Panel 4.8.0 . The issue allows remote attackers to inject JavaScript through the archive.php page via the search_name parameter (and related descriptions reference a reflected XSS in the SEO admin flow). The affected compo...

Wordpress Constant Contact Forms 跨站脚本漏洞

Wordpress Constant Contact Forms is Wordpress open source an application plugin. It allows websites to capture visitor information directly and easily. A cross-site scripting vulnerability exists in versions of the Constant Contact Forms WordPress plugin prior to 1.8.8. The vulnerability stems fr...

SEO Panel 跨站脚本漏洞

SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in Seo Panel 4.8.0. A remote attacker can exploit this vulnerability to inject JavaScript via the settings.php category parameter...

SEO Panel 跨站脚本漏洞

SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in Seo Panel 4.8.0. A remote attacker can exploit this vulnerability to inject JavaScript via the alerts.php fromtime parameter...

Cross-Site Scripting (XSS)

pki-core is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the request search page...

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element

In the plugin, the column element includes/elements/column.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript in th...

The name of a filter can be used to XSS users who open an "Export HTML Report" - CVE-2021-26083

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Export HTML Report feature. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before...

Eclipse Theia Cross-Site Scripting Vulnerability

Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. A cross-site scripting vulnerability exists in Eclipse Theia 1.8.0 and prior versions, which stems from the absence of HTML escaping...

Sourcecodester Web Based Quiz System Cross Site Scripting Vulnerability

Sourcecodester Web Based Quiz System is Sourcecodester an open source application . Used for a simple online based project . Sourcecodester Web Based Quiz System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript code...

Maxum Rumpus Cross-Site Scripting Vulnerability (CNVD-2021-16356)

Maxum Rumpus is an FTP and Web file transfer server. Maxum Rumpus 8.2.13, 8.2.14 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject and execute JavaScript code...

Apache Superset Stored Cross-Site Scripting Vulnerability

Apache Superset up is an open source application from the Apache Foundation that provides a design for horizontal scaling in large distributed environments. A security vulnerability exists in Apache Superset 0.38.0 and earlier versions, which can be exploited by an attacker to inject javascript...

OpenText Content Server 'multiple' Cross-Site Scripting Vulnerability

OpenText Content Server is a secure enterprise mobile content management system. A cross-site scripting vulnerability exists in OpenText Content Server 'multiple', which can be exploited by a remote attacker to introduce arbitrary JavaScript by creating malicious form values that will not be...

Maxum Rumpus 跨站脚本漏洞

Maxum Rumpus is an FTP and Web file transfer server. Maxum Rumpus 8.2.13, 8.2.14 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject and execute JavaScript code...

CVE-2020-29028

Cross-site Scripting XSS vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...

CVE-2020-29028

Cross-site Scripting XSS vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...

Apache Superset 跨站脚本漏洞

Apache Superset up is an open source application from the Apache Foundation that provides a design for horizontal scaling in large distributed environments. A security vulnerability exists in Apache Superset 0.38.0 and earlier versions, which can be exploited by an attacker to inject javascript...