PYSEC-2023-93

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

UBUNTU-CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

Pacparser 注入漏洞

Pacparser is a library for parsing Proxy Autoconfiguration PAC files by the individual developer Manu Garg. A security vulnerability exists in versions of Pacparser prior to 1.4.2 that stems from allowing JavaScript injection when an attacker takes control of a URL and may allow privilege...

PT-2023-25930 · Pacparser +1 · Pacparser +1

Name of the Vulnerable Software and Affected Versions: Pacparser versions prior to 1.4.2 Description: The issue allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products. Recommendations: For...

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

CVE-2023-37360

Pacparser ( Pacparser ) before 1.4.2 is affected by CVE-2023-37360 through the function pacparser_find_proxy. The vulnerability arises when the attacker controls the URL, enabling JavaScript injection and potentially privilege escalation within enterprise security product scenarios. The provided ...

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

XSS Reflected via import file funtion

Description The application does import data from the file without cleaning the data inside before processing, resulting in javascript code that can be injected and triggered when the victim executes the function. Proof of Concept Step1: The attacker creates a .csv file containing a payload to...

PT-2023-25856 · Mediawiki +1 · Googleanalyticsmetrics +1

Name of the Vulnerable Software and Affected Versions: GoogleAnalyticsMetrics extension for MediaWiki versions through 1.39.3 Description: An issue was discovered in the googleanalyticstrackurl parser function, which does not properly escape JavaScript in the onclick handler and does not prevent...

CVE-2023-35156

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

CVE-2023-35159

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

CVE-2023-35156 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

CVE-2023-35155 XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. For instance, the following URL execute an alter on the browser:...

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject Javascript code into a page by forging a URL and trigger a cross-site...

XWiki Platform 安全漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions prior to 9.4-rc-1. An attacker can exploit this vulnerability to inject Javascript code into a page by forging a...

Cross-Site Scripting (XSS)

kiwitcms is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of file content validation in the denyuploadscontainingscripttag function of validators.py, which allows an attacker to inject arbitrary JavaScript code into a victim's browser...

Home Assistant < 0.57 XSS Vulnerability

Home Assistant is prone to a cross-site scription XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross-Site Scripting (XSS)

phpmyfaq/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of html sanitization in the answer parameter which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVE-2023-2277

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...