
27 matches found

RedhatCVE
added 2026/01/07 9:31 a.m., 4 views

CVE-2019-16950

An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript...

CVSS 6.1, AI score 6.1, EPSS 0.00328
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-4659

Malware in sbrugna...

CVSS 6.1, AI score 6.2, EPSS 0.00746
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-3579

Malicious code in bioql PyPI...

CVSS 8.7, AI score 8.5, EPSS 0.00432
Exploits: 0, References: 7

RedhatCVE
added 2025/05/22 6:40 p.m., 3 views

CVE-2021-38113

In addBouquet in js/bqe.js in OpenWebif aka e2openplugin-OpenWebif through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor i.e., bouqueteditor/api/addbouquet?name= leads to Stored XSS...

CVSS 5.4, AI score 6.7, EPSS 0.00172
Exploits: 1, References: 1

NVD
added 2023/04/15 4:15 p.m., 18 views

CVE-2023-29207

XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...

CVSS 9, AI score 9.3, EPSS 0.1765
Exploits: 1, References: 3

Huntr
added 2022/12/22 2:29 a.m., 21 views

Stored XSS bypass the protection rules

Description: Hi there, Someone submitted an xss vulnerability about your project before. And please see "https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd/" for details. You submitted a fix in 7.0.0.2 with commit 4565d8. But after my tests, I found that it was still unsafe. The followin...

CVSS 4.3, AI score 7, EPSS 0.23318
Exploits: 1

Github Security Blog
added 2022/05/24 9:59 p.m., 3 views

Alkacon OpenCMS XSS via New User module

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

CVSS 6.1, AI score 6, EPSS 0.0024
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2021/04/05 6:27 p.m., 15 views

CVE-2021-24208 WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this...

AI score 5.6, EPSS 0.00419
Exploits: 1, References: 2

NVD
added 2020/11/16 12:15 p.m., 12 views

CVE-2020-7773

This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...

CVSS 6.5, AI score 6.5, EPSS 0.00367
Exploits: 1, References: 3

NVD
added 2020/02/07 11:15 p.m., 10 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

CVSS 5.4, AI score 5.5, EPSS 0.0027
Exploits: 1, References: 1

Cvelist
added 2020/02/07 10:59 p.m., 15 views

CVE-2020-8812

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...

AI score 5.5, EPSS 0.0027
Exploits: 1, References: 1

Prion
added 2019/11/13 7:15 p.m., 10 views

Cross site scripting

An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript...

CVSS 4.3, AI score 6, EPSS 0.00328
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/08/27 2:29 p.m., 9 views

Design/Logic Flaw

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...

CVSS 4.3, AI score 6.2, EPSS 0.0024
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/07/09 8:29 p.m., 10 views

Cross site scripting

A reflected Cross-Site-Scripting XSS vulnerability has been identified in Siemens PLM Software TEAMCENTER V9.1.2.5. If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software...

CVSS 4.3, AI score 6, EPSS 0.0021
Exploits: 1, References: 1, Affected Software: 1

exploitpack
added 2018/01/15 12:0 a.m., 31 views

ImgHosting 1.5 - Cross-Site Scripting

ImgHosting 1.5 - Cross-Site Scripting Exploit Title: ImgHosting Image Storage System 1.5 - Cross-Site-Scripting Date: 12-01-2018 Exploit Author: Dennis Veninga Contact Author: d.veninga at networking4all.com Vendor Homepage: foxsash.com Version: 1.5 CVE-ID: CVE-2018-5479 ImgHosting – Image Storag...

CVSS 4.3, AI score 6.1, EPSS 0.00259
Exploits: 5

Prion
added 2018/01/01 6:29 a.m., 16 views

Authentication flaw

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...

CVSS 7.5, AI score 9.3, EPSS 0.92243
Exploits: 5, References: 4, Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m., 29 views

Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)

No description provided by source. !/usr/bin/env python ''' Exploit Title: Ability Mail Server 2013 Stored XSS Date: 12/20/2013 Exploit Author: David Um Vendor Homepage: http://www.code-crafters.com/ Software Link: http://download.code-crafters.com/ams.exe Version: 3.1.1 Tested on: Windows Server...

CVSS 4.3, AI score 6.5, EPSS 0.00519
Exploits: 7

OpenVAS
added 2012/02/11 12:0 a.m., 22 views

Debian Security Advisory DSA 2365-1 (dtc)

The remote host is missing an update to dtc announced via advisory DSA 2365-1. OpenVAS Vulnerability Test $Id: deb23651.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2365-1 dtc Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

CVSS 6.5, AI score 0.2, EPSS 0.00709
Exploits: 0

Tenable Nessus
added 2012/01/12 12:0 a.m., 27 views

Debian DSA-2365-1 : dtc - several vulnerabilities

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services : - CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. - CVE-2011-3196 Unix rights for the apache2.conf wer...

CVSS 6.5, AI score 5.6, EPSS 0.00709
Exploits: 0, References: 22

Tenable Nessus
added 2011/04/22 12:0 a.m., 26 views

Fedora 13 : ikiwiki-3.20100815.7-1.fc13 (2011-5173)

Update to upstream version 3.20100815.7. Security fixes : - Possible JavaScript insertion via insufficient htmlscrubbing of alternate stylesheets. CVE-2011-1401 - JavaScript insertion via insufficient checking in comments. CVE-2011-0428 - JavaScript insertion via insufficient htmlscrubbing of...

CVSS 6.1, AI score 7.5, EPSS 0.00385
Exploits: 1, References: 4