890 matches found

OSV
added 2021/09/15 6:15 p.m., 3 views

CVE-2021-40966

A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code and it will run on any user...

5.4 CVSS, 6.1 AI score, 0.0052 EPSS
Exploits: 0, References: 2
OSV
added 2021/09/07 5:15 a.m., 1 views

CVE-2021-33483

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment...

5.4 CVSS, 5.8 AI score, 0.00596 EPSS
Exploits: 1, References: 2
Exploit DB
added 2021/09/02 12:0 a.m., 342 views

WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting XSS Date: 02/09/2021 Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/duplicate-page/ Version: 4.4.1 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1...

7.4 AI score
Exploits: 0
OSV
added 2021/08/16 11:15 a.m., 1 views

CVE-2021-24445

The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...

5.5 CVSS, 5.8 AI score, 0.00656 EPSS
Exploits: 2, References: 1
Exploit DB
added 2021/08/10 12:0 a.m., 268 views

WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting XSS Date: 2021-08-06 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/picture-gallery/ Version: 1.4.2 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

7.4 AI score
Exploits: 0
WPVulnDB
added 2021/08/02 12:0 a.m., 24 views

SMS Alert Order Notifications – WooCommerce < 3.4.7 Authenticated Cross Site Scripting

The plugin is affected by a cross site scripting XSS vulnerability in the plugin's setting page. PoC Enter the payload below for the "SMS Alert Username" in the plugin's settings. "+onfocus="alert1"+autofocus=" You will observe that the JavaScript payload successfully got reflected is and we are...

6.1 CVSS, 1.6 AI score, 0.008 EPSS
Exploits: 2, Affected Software: 1
OSV
added 2021/07/30 2:15 p.m., 17 views

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious JavaScript payload which would b...

5.4 CVSS, 5.9 AI score
Exploits: 0, References: 1
NVD
added 2021/07/30 2:15 p.m., 10 views

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious JavaScript payload which would be...

5.4 CVSS, 0.00609 EPSS
Exploits: 1, References: 1
NVD
added 2021/07/30 2:15 p.m., 13 views

CVE-2021-20112

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tceselectmediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tceselectmediafile.php could upload a malicious JavaScript payload which would b...

5.4 CVSS, 0.00634 EPSS
Exploits: 1, References: 1
Prion
added 2021/07/30 2:15 p.m., 23 views

Cross site scripting

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious JavaScript payload which would be...

3.5 CVSS, 5.1 AI score, 0.00609 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD
added 2021/07/26 12:0 a.m., 16 views

NCH IVM Attendant Cross-Site Scripting Vulnerability (CNVD-2021-55903)

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. A security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

5.4 CVSS, 1.7 AI score, 0.00589 EPSS
Exploits: 1, References: 1
CNVD
added 2021/07/26 12:0 a.m., 15 views

NCH IVM Attendant Cross-Site Scripting Vulnerability (CNVD-2021-55901)

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. A security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

5.4 CVSS, 1.6 AI score, 0.00504 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/07/25 12:0 a.m., 3 views

NCH IVM Attendant Cross-Site Scripting Vulnerability

NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. A security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...

5.4 CVSS, 5.1 AI score, 0.00589 EPSS
Exploits: 1, References: 3
WPVulnDB
added 2021/07/23 12:0 a.m., 15 views

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. PoC 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

0.8 AI score, 0.00506 EPSS
Exploits: 2, References: 1, Affected Software: 1
wpexploit
added 2021/07/20 12:0 a.m., 141 views

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save Changes...

3.5 CVSS, 0.0062 EPSS
Exploits: 2, References: 1
WPVulnDB
added 2021/07/20 12:0 a.m., 22 views

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. PoC 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save...

3.5 CVSS, 1.2 AI score, 0.0062 EPSS
Exploits: 2, References: 1, Affected Software: 1
Exploit DB
added 2021/07/19 12:0 a.m., 251 views

WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting XSS Date: 18/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/mimetic-books/ Version: 0.2.13 Category: Web Application Tested on Ma...

7.4 AI score
Exploits: 0
wpexploit
added 2021/07/14 12:0 a.m., 154 views

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...

3.5 CVSS, 5.2 AI score, 0.0062 EPSS
Exploits: 2, References: 1
Huntr
added 2021/07/05 2:34 p.m., 14 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the Hypothesis when adding a new Research 🕵️‍♂️ Proof of Concept Goto http://localhost/leancanvas/simpleCanvas and click on add new and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. 💥...

7 AI score
Exploits: 0
WPVulnDB
added 2021/06/14 12:0 a.m., 16 views

10Web Map Builder for Google Maps < 1.0.70 - Authenticated Stored XSS

The plugin does not validate or escape its MAP API Key, Center Address, Center Lat, Center Lng and Zoom Level settings in the admin dashboard, allowing high privilege users such as admin to use JavaScript payloads in them, leading to Stored Cross-Site Scripting issues even when the unfiltered_html...

Exploits: 0, References: 1, Affected Software: 1