890 matches found

Prion
added 2021/06/07 4:15 a.m. | 29 views

Cross site scripting

An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser...

4.3 CVSS | 5.8 AI score | 0.0111 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2021/06/07 3:6 a.m. | 18 views

CVE-2020-26885

An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser...

6 AI score | 0.0111 EPSS
Exploits: 1 | References: 4

CVE
added 2021/06/07 3:6 a.m. | 90 views

CVE-2020-26885

The CVE-2020-26885 entry relates to 2sic 2sxc prior to version 11.22, where an XSS vulnerability exists in the sxcver parameter of dnn/ui.html. The issue allows an attacker to craft a malicious URL that executes JavaScript in a victim’s browser. Public details indicate impact is limited to the br...

6.1 CVSS | 5.8 AI score | 0.0111 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

0day.today
added 2021/06/07 12:0 a.m. | 53 views

WordPress Smart Slider - 3.5.0.8 Plugin - (name) Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
Exploit Author: Hardik Solanki
Software Link: https://wordpress.org/plugins/smart-slider-3/
Version: 3.5.0.8
Tested on Windows
How to reproduce vulnerability: 1. Install WordPress 5.7.2 2. Install and...

7.4 AI score
Exploits: 0

CNNVD
added 2021/06/07 12:0 a.m. | 4 views

2sic 2sxc Cross-Site Scripting Vulnerability

2sic 2sxc is a software package that can be used for almost any type of content management need or application development need. A cross-site scripting vulnerability exists in 2sic 2sxc prior to version 11.22, which stems from an XSS vulnerability in the "sxcver" parameter of "dnn/ui.html", which...

6.1 CVSS | 6 AI score | 0.0111 EPSS
Exploits: 1 | References: 4

wpexploit
added 2021/06/07 12:0 a.m. | 207 views

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may...

5.4 CVSS | 0.2 AI score | 0.00676 EPSS
Exploits: 2 | References: 3

wpexploit
added 2021/05/31 12:0 a.m. | 152 views

WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...

5.4 CVSS | 0.5 AI score | 0.0062 EPSS
Exploits: 2

Huntr
added 2021/05/18 1:29 p.m. | 19 views

Cross-site Scripting (XSS) - Stored in changeweb/unifiedtransform

✍️ Description Stored Cross Site Scripting in the message/all.blade.php. 🕵️‍♂️ Proof of Concept As a teacher, click on "My Courses" and then "message students". CKEditor hides the underlying where we can add tag or capture the request in a proxy like burpsuite and edit the HTTP POST request. Select...

Exploits: 0

OSV
added 2021/05/05 3:15 a.m. | 3 views

CVE-2020-22428

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

4.8 CVSS | 5.8 AI score | 0.01176 EPSS
Exploits: 0 | References: 4

NVD
added 2021/05/05 3:15 a.m. | 12 views

CVE-2020-22428

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

4.8 CVSS | 0.01176 EPSS
Exploits: 0 | References: 4

Prion
added 2021/05/05 3:15 a.m. | 20 views

Cross site scripting

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

3.5 CVSS | 4.9 AI score | 0.01176 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Cvelist
added 2021/05/05 2:42 a.m. | 24 views

CVE-2020-22428

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

5 AI score | 0.01176 EPSS
Exploits: 0 | References: 4

CNNVD
added 2021/05/04 12:0 a.m. | 5 views

SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. A cross-site scripting vulnerability exists in SolarWinds Serv-U versions prior to 15.1.6, which originates from being subject to cross-site scripting (XSS) via a directory name containin...

4.8 CVSS | 4.8 AI score | 0.01176 EPSS
Exploits: 0 | References: 5

The Hacker News
added 2021/04/20 10:41 a.m. | 37 views

120 Compromised Ad Servers Target Millions of Internet Users

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike...

7.4 AI score
Exploits: 0

OSV
added 2021/04/08 12:15 p.m. | 1 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

5.4 CVSS | 5.8 AI score | 0.00734 EPSS
Exploits: 1 | References: 3

NVD
added 2021/04/02 7:15 p.m. | 11 views

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diagvalues.html Stored XSS via the ITEMLISTVALUESITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...

5.4 CVSS | 0.006 EPSS
Exploits: 1 | References: 1

Cvelist
added 2021/04/02 6:43 p.m. | 16 views

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diagvalues.html Stored XSS via the ITEMLISTVALUESITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it...

5.5 AI score | 0.006 EPSS
Exploits: 1 | References: 1

CVE
added 2021/04/02 6:43 p.m. | 62 views

CVE-2021-29661

CVE-2021-29661 affects Softing AG OPC Toolbox prior to or including 4.10.1.13035. The issue is a Stored XSS vulnerability in the page /en/diag_values.html, exploitable via the ITEMLISTVALUES##ITEMID parameter which injects JavaScript into the trace file. The payload is triggered whenever an authe...

5.4 CVSS | 5.2 AI score | 0.006 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/25 8:7 a.m. | 11 views

CVE-2021-26715

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

9.5 AI score | 0.01494 EPSS
Exploits: 1 | References: 2

NVD
added 2021/03/03 8:15 p.m. | 14 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

5.4 CVSS | 0.00592 EPSS
Exploits: 0 | References: 2