CVE-2022-23861
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...
EUVD-2021-0116
Malware in sbrugna...
CVE-2022-4979
A cross-site scripting XSS vulnerability exists in Sitecore Experience Platform XP 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platfor...
CVE-2023-28648
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
Improper Name Validation in Upload Document Form
Description: The name of any uploaded document can be manipulated via the destination parameter to include newline characters, which breaks the execution of the JS code in the "New Documents" section of the "Miscellaneous" menu; that section remains blank until the document is removed from the DB. Proof of...
Cross-site Scripting in wicket-jquery-ui
In wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in the WYSIWYG editor will be executed on display...
Backdoor.Win32.Chubo.c Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Cross Site Scripting XSS Family: Chubo Type: Web Panel MD5:...
Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5
Description: https://github.com/gnuboard/gnuboard5/blob/v5.4.22/mobile/shop/lg/mispwapurl.php#L7 has no filtering for the variable, so attackers can trigger Reflected XSS via `$_GET['LGDOID']`. Proof of Concept: /mobile/shop/lg/mispwapurl.php?LGDOID=%3Cscript%3Ealert1%3C/script%3E Impact: Attacker can...
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-43852
CVE-2021-43852 (OroPlatform) : A prototype pollution flaw allows an attacker to inject properties into JavaScript prototypes (e.g., Object prototypes) via specially crafted requests, potentially enabling JS code execution by vulnerable libraries. The issue is mitigated by patching to version 4.2....
OWOX, Inc.: Reflected XSS
Hi team, I have found an XSS at https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28/dashboard/?trial=activated. Because the input is not properly filtered, XSS is executed. Vulnerable area: ----- 6177527534dc114eb07fa829e4ce4d28 The URL will now be:...
CVE-2018-1000513
LimeSurvey 3.0.0-beta.3+17110 contains an XSS in Boxes that can execute JavaScript in admin sessions. The vulnerability arises from the program failing to filter the Destination parameter and could be exploited remotely; it is stated to be fixed in 3.6.x. Connected sources corroborate the XSS imp...
CVE-2018-1000513
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting XSS vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x...
CVE-2018-1325
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in the WYSIWYG editor will be executed on display...
CVE-2017-1000509
Dolibarr 6.0.2 exposes a cross-site scripting (XSS) vulnerability in the Product details component, enabling execution of JavaScript. The issue is publicly documented across multiple feeds; maintainers indicate the fix is in version 7.0.0. No exploitation details are provided in the supplied docu...
CVE-2016-6842
Open-Xchange OX App Suite prior to 7.8.2-rev8 contains a cross-site scripting issue in which setting a user’s name to JavaScript code causes that code to execute when the victim accesses the user’s shared Templates folder via OX Documents. The attack requires the folder to be shared to the victim...
Xinhua enterprise website management system v4.0 XSS 0day (add administrator) and patch - vulnerability warning - the black bar safety net
From: B0mbErM@n. Description: the online repair function does not filter submitted input. Analysis: xiu.asp does not filter what is submitted to it, resulting in execution of arbitrary XSS statements. Patch: filter the input. Exp: ../xiu.asp, directly in the repair function, then in the contact address field write the SCRIPT...