Lucene search

5947 matches found

Github Security Blog
added 2021/10/22 4:24 p.m., 49 views

Cross-site scripting vulnerability in TinyMCE

Impact: A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content...

CVSS 6.1, AI score 6, EPSS 0.01066
Exploits: 1, References: 3, Affected Software: 2
CNNVD
added 2021/10/21 12:0 a.m., 3 views

McAfee ePolicy Orchestrator cross-site scripting vulnerability

McAfee ePolicy Orchestrator (McAfee ePO) is a U.S.-based solution for managing endpoint, network, data security, and compliance. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator, which can be exploited by an attacker to run JavaScript code in the context of a Web site...

CVSS 4.8, AI score 5.1, EPSS 0.00543
Exploits: 0, References: 3
CNNVD
added 2021/10/21 12:0 a.m., 3 views

McAfee ePolicy Orchestrator cross-site scripting vulnerability

McAfee ePolicy Orchestrator (McAfee ePO) is a U.S.-based solution for managing endpoint, network, data security, and compliance. A cross-site scripting vulnerability exists in McAfee ePolicy Orchestrator that originates from an attacker being able to trigger cross-site scripting in McAfee ePO in...

CVSS 5.4, AI score 5.5, EPSS 0.00441
Exploits: 0, References: 3
NVD
added 2021/10/19 5:15 p.m., 14 views

CVE-2021-33988

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

CVSS 6.1, EPSS 0.01029
Exploits: 1, References: 1
Prion
added 2021/10/19 5:15 p.m., 16 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

CVSS 4.3, AI score 6.2, EPSS 0.01029
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/10/19 4:53 p.m., 20 views

CVE-2021-33988

Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form...

AI score 6.4, EPSS 0.01029
Exploits: 1, References: 1
Huntr
added 2021/10/19 9:12 a.m., 45 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description XSS in the question asking session feedback page Proof of Concept Hi'" link https://demo.fork-cms.com/private/en/faq/edit?token=u1xyihius6&id=1 paste the payload in the question section and view the question in link Impact custom javascript code execution , session stealing etc...

AI score 0.5
Exploits: 0
CNNVD
added 2021/10/19 12:0 a.m., 3 views

Microweber cross-site scripting vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber CMS version 1.2.7, which can be exploited ...

CVSS 6.1, AI score 6.5, EPSS 0.01029
Exploits: 1, References: 3
OSV
added 2021/10/18 9:15 p.m., 2 views

CVE-2021-41156

anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browsertoday hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...

CVSS 5.4, AI score 5.8, EPSS 0.00478
Exploits: 0, References: 1
Prion
added 2021/10/18 9:15 p.m., 17 views

Design/Logic Flaw

anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browsertoday hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craf...

CVSS 3.5, AI score 5.6, EPSS 0.00478
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2021/10/15 3:15 p.m., 2 views

CVE-2021-40721

Adobe Connect version 11.2.3 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

CVSS 6.1, AI score 6.8, EPSS 0.00976
Exploits: 0, References: 1
Hacker One
added 2021/10/15 6:15 a.m., 19 views

U.S. Dept Of Defense: Cross-site Scripting (XSS) - Reflected at https://██████████/

Hello Team, I just found a reflected xss bug on your web https://█████ Step To reproduce: poc url: https://████/7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirmdocument.domain%3E Impact Impact Data can be stolen, or Javascript can be executed. This is will allow th...

AI score 7
Exploits: 0
OSV
added 2021/10/14 8:15 p.m., 1 views

UBUNTU-CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

CVSS 7.3, AI score 5.8, EPSS 0.02474
Exploits: 1, References: 2
Prion
added 2021/10/13 5:15 p.m., 11 views

Design/Logic Flaw

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible...

CVSS 4.3, AI score 6.1, EPSS 0.0099
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2021/10/13 5:10 p.m., 45 views

CVE-2021-41139

Anuko Time Tracker (PHP) suffers a reflected XSS in time.php via the date URI parameter, exploitable before patch in 1.19.30.5600. An attacker could persuade a logged-in user to click a crafted link, causing attacker-supplied JavaScript to execute in the user’s browser. Remediated in version 1.19...

CVSS 8.1, AI score 6.4, EPSS 0.0099
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2021/10/12 4:22 p.m., 32 views

Cross-site Scripting in jsoneditor

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...

CVSS 6.1, AI score 5.8, EPSS 0.00692
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2021/10/11 11:15 a.m., 1 views

CVE-2021-24563

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript, for example, which will be triggered when someone accesses the file directly...

CVSS 6.1, AI score 5.8, EPSS 0.26379
Exploits: 6, References: 2
CNNVD
added 2021/10/11 12:0 a.m., 4 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress Coming soon and Maintenance plugin...

CVSS 5.4, AI score 5.8, EPSS 0.006
Exploits: 2, References: 2
CNNVD
added 2021/10/11 12:0 a.m., 7 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of WordPress Enfold theme prior to 4.8.4, which originate...

CVSS 6.1, AI score 6.2, EPSS 0.02959
Exploits: 5, References: 4
CNNVD
added 2021/10/11 12:0 a.m., 4 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of WordPress Quiz And Survey Master plugin prior to 7.3.2, whi...

CVSS 4.8, AI score 5.4, EPSS 0.00603
Exploits: 2, References: 2