890 matches found

OSV
added 2022/05/24 4:56 p.m., 15 views

GHSA-MVQR-R76C-WM5F Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

CVSS 6.1, AI score 5.8, EPSS 0.00927
Exploits 1, References 4

RubySec
added 2022/05/24 12:00 a.m., 17 views

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

CVSS 6.1, AI score 4.7, EPSS 0.00927
Exploits 1, References 1, Affected Software 1

Github Security Blog
added 2022/05/14 2:19 a.m., 37 views

Cobbler XSS Vulnerability

Cobbler version (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. This attack appears to...

CVSS 6.1, AI score 6.8, EPSS 0.01262
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2022/05/14 2:00 a.m., 15 views

Wallabag cross-site scripting (XSS) vulnerability

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be...

CVSS 4, AI score 5.7, EPSS 0.00721
Exploits 1, References 3, Affected Software 1

OSV
added 2022/05/14 2:00 a.m., 11 views

GHSA-GVCW-X64M-PFCJ Wallabag cross-site scripting (XSS) vulnerability

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be...

CVSS 4, AI score 4.1, EPSS 0.00721
Exploits 1, References 3

GitLab Advisory Database
added 2022/05/14 12:00 a.m., 19 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cobbler version (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. This attack appears to...

CVSS 6.1, AI score 6.8, EPSS 0.01262
Exploits 0, References 4, Affected Software 1

Huntr
added 2022/05/12 3:07 a.m., 11 views

Cross-site scripting and open redirect vulnerability on Rock RMS Login Page

Description: The Rock RMS login page has a returnUrl parameter that is used to set window.location.href when the user has successfully logged in. An attacker can include a malicious JavaScript payload using a link crafted with the payload in the returnUrl parameter, such as 'javascript:...', that ...

AI score 0.6
Exploits 0, References 2

0day.today
added 2022/04/19 12:00 a.m., 336 views

REDCap 11.3.9 - Stored Cross Site Scripting Vulnerability

Exploit Title: REDCap 11.3.9 - Stored Cross-Site Scripting; Exploit Author: Kendrick Lam; References: https://github.com/KCL04/XSS-PoCs/blob/main/CVE-2021-42136.js; Vendor Homepage: https://projectredcap.org; Software Link: https://projectredcap.org; Version: Redcap before 11.4.0; Tested on: 11.2.5; CVE...

CVSS 9, AI score 9.3, EPSS 0.04525
Exploits 5

WPVulnDB
added 2022/03/29 12:00 a.m., 39 views

LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Project's slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC (Proof of Concept): 1. The store...

CVSS 4.8, AI score 4.9, EPSS 0.02634
Exploits 4, Affected Software 1

Snyk
added 2022/03/21 7:22 a.m., 1 view

Cross-site Scripting (XSS)

Overview: x-data-spreadsheet is a JavaScript spreadsheet. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. PoC: Insert payload into a cell. Example payload: html " Details: Cross-site scripting, or XSS, is a...

CVSS 6.1, AI score 5.3, EPSS 0.0067
Exploits 1, References 2

Prion
added 2022/03/10 5:45 p.m., 14 views

Cross site scripting

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history...

CVSS 4.3, AI score 6.4, EPSS 0.00871
Exploits 0, References 1, Affected Software 1

OSV
added 2022/03/09 8:15 p.m., 1 view

DEBIAN-CVE-2022-24918

An authenticated user can create a link with reflected Javascript code inside it for items' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all th...

CVSS 4.4, AI score 5.1, EPSS 0.00739
Exploits 0, References 1

Cvelist
added 2022/03/09 3:34 p.m., 21 views

CVE-2022-24432 ICSA-22-062-01 IPCOMM ipDIO

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an...

CVSS 5.5, AI score 5.3, EPSS 0.00628
Exploits 0, References 1

CNVD
added 2022/03/01 12:00 a.m., 22 views

Hayageek Jquery Upload File Cross-Site Scripting Vulnerability

Hayageek Jquery Upload File is a jQuery-based file upload plugin by the individual developer Hayageek. Hayageek Jquery Upload File v4.0.11 contains a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML via a specially crafted file with a...

CVSS 6.1, AI score 2.7, EPSS 0.00874
Exploits 0, References 1

OpenVAS
added 2022/02/28 12:00 a.m., 16 views

Horde Groupware Webmail <= 5.2.22 XSS Vulnerability - Linux

Horde Groupware Webmail is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5.4, AI score 5.2, EPSS 0.01035
Exploits 1, References 2

OSV
added 2022/02/26 12:00 a.m., 1 view

GHSA-43X9-7HFV-MXRF jQuery-Upload-File XSS in fileNameStr

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 6.1, AI score 6.5, EPSS 0.00874
Exploits 0, References 3

Prion
added 2022/02/25 7:15 p.m., 20 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 4.3, AI score 5.9, EPSS 0.00874
Exploits 0, References 7, Affected Software 1

CNNVD
added 2022/02/25 12:00 a.m., 4 views

Hayageek Jquery Upload File Cross-Site Scripting Vulnerability

Hayageek Jquery Upload File is a jQuery-based file upload plugin by the individual developer Hayageek. Hayageek Jquery Upload File v4.0.11 contains a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML via a specially crafted file with a...

CVSS 6.1, AI score 5.5, EPSS 0.00874
Exploits 0, References 9

0day.today
added 2022/01/25 12:00 a.m., 236 views

Xerox Versalink Denial Of Service Vulnerability

Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload. + Credits: Mahmoud Al-Qudsi + Website: https://neosmart.net/ + Source: https://neosmart.net/blog/?p=4865 + Media: https://twitter.com/mqudsi and https://twitter.com/neosmart Vendo...

AI score 7.4
Exploits 0

Cvelist
added 2022/01/24 8:00 a.m., 14 views

CVE-2021-24423 UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set a malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...

AI score 5, EPSS 0.00614
Exploits 1, References 2