Cross site scripting

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...

欣学英资讯 webopac7 跨站脚本漏洞

XinXueYing Info Webopac7 is an online public access catalog of China XinXueYing Info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability exists in XinXueYing Info webopac7, which originates from a book search field parameter that does not...

PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

Cross-site Scripting (XSS)

graphql-playground-react is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in Properties.html allowing an attacker to inject and execute malicious javascript...

Cross-site Scripting (XSS)

grafana is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of sanitation of URL allowing a malicious attacker to inject and execute arbitrary javascript...

Publify 跨站脚本漏洞

Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions v8.0 through v9.2.4, which can be exploited by attackers to inject malicious JavaScript via an uploaded html file...

Publify 跨站脚本漏洞

Publify is a simple but full-featured web publishing software. A security vulnerability exists in Publify versions v8.0 through v9.2.4, which can be exploited by an attacker to insert and execute arbitrary JavaScript code during page/post creation...

CVE-2021-35488

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined&title=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...

Cross site scripting

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined&title=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...

Thruk 跨站脚本漏洞

Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. Thruk 2.40-2 suffers from a security vulnerability that allows an attacker to inject arbitrary JavaScript into status.cgi, which triggers a payload every time an authenticated us...

Cross-site Scripting (XSS)

apostrophe is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in index.js allowing an attacker to insert arbitrary Javascript...

Mozilla Firefox Security Advisory (MFSA2020-05) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

IBM InfoSphere Information Server 跨站脚本漏洞

IBM InfoSphere Information Server is a data integration platform from IBM Corporation in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a security vulnerability that allows users to embed arbitrary...

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Displayname' input field in 'Profiles' module is not properly encoded, which allows a malicious attacker to inject and execute arbitrary javascript...

Cross-Site Scripting (XSS)

camaleoncms is vulnerable to cross-site scripting. The library does not properly sanitize the post's comment section, allowing malicious users to inject and execute malicious javascript...

Small CRM 3.0 Cross Site Scripting

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Date: 20/10/2021 Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can...

Small CRM 3.0 - (description) Stored Cross-Site Scripting Vulnerability

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can inject javascript...

Cross-site Scripting (XSS) - Stored in archerysec/archerysec

Description The application is vulnerable to a Stored XSS attack. It is possible for an authenticated user to inject a JavaScript payload that will be executed in the web browser of the users viewing the concerned pages. When uploading a Burp scan, the XML field "issueBackground" of a vulnerabili...

CVE-2021-42335

Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...

ShinHer StudyOnline System 跨站脚本漏洞

ShinHer StudyOnline System is a school administration system from ShinHer, a Chinese company. special characters in the title parameter. An attacker could use this vulnerability to inject JavaScript and execute a stored XSS attack after logging in with user privileges...