9 matches found
Cross-site Scripting (XSS)
org.apache.sling.cms.ui is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the library does not properly encode the resource.path variable before being rendered, allowing an attacker to inject and execute malicious JavaScript through the site group feature...
Cross-site Scripting (XSS)
typo3/cms is vulnerable to cross-site scripting.The vulnerability exists in dumpAction function in FileDumpController.php due to exposing stored files from the backend user interface through a corresponding service-side process, which allows an attacker to inject and execute malicious javascript...
Cross site scripting
AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
CVE-2020-25131
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the rolename or roledescr parameter to the roles/ URI...
Cross-site Scripting (XSS)
activemq-web-console is vulnerable to cross-site scripting XSS. The vulnerability exists as the values of row.properties in browse.jsp is not properly validated, allowing a remote attacker to inject and execute arbitrary Javascript into a user's browser via the affected parameters...
CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
SopCore控件SetExternalPlayer()方式任意代码执行漏洞
BUGTRAQ ID: 33920 SopCore是一个视频播放插件,安装后可以观看TvBaby的网络电视。 SopCore控件的SetExternalPlayer函数没有正确地验证ExternalPlayer属性参数,如果用户受骗访问了恶意网页,就可能将任意可执行文件关联到“外部播放器”按键上。之后当用户点击该按键时,就会未经提示便执行该文件。 Sopcast SopCore Control 3.0.3.501 厂商补丁: Sopcast ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
articlelive-xss.txt
01010111 01001001 01010010 01000101 01000100 01010011 - 01000101 01000011 01010101 01010010 01001001 01010100 - 01011001 ADVISORY: INTERSPIRE ARTICLELIVE NX XSS || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: RISK LEVEL || 0x00: ABOUT ME Author: SkyOut Date...
CVE-2005-1937
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...