155 matches found
CVE-2023-50924
Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the...
Stored XSS via Default session expiration time
Description The Default session expiration time feature when submitted HTML/JS tags executes the code in the login page. Proof of Concept Login to Teampass and go to Settings = Options. http://127.0.0.1/index.php?page=options In theDefault session expiration time input field insert an XSS payload...
inDrive: #1 XSS on watchdocs.indriverapp.com
The security vulnerability found on watchdocs.indriverapp.com allowed for cross-site scripting XSS attacks. The vulnerability was triggered by crafting a specific URL that executed arbitrary JavaScript code when accessed by users...
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
Exploit Title: Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...
CVE-2023-28648
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
TD Bank: Reflected XSS on marketsandresearch.td.com
Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...
Improper Name Validation in Upload Document Form
Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...
Cross site scripting
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting XSS. Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in...
CVE-2022-40912
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting XSS. Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in...
WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF
The plugin does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack. Make a logged in admin open a page with the following JS code: fetch'https://example.com/wp-admin/admin.php?page=wpcustomcursors',...
ESM ETAP Safety Manager 1.0.0.32 Cross Site Scripting Vulnerability
ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...
ETAP Safety Manager 1.0.0.32 Cross Site Scripting
ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...
Design/Logic Flaw
The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them...
CVE-2022-30624
Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password...
CVE-2022-30624 Chcnav - P5E GNSS Authentication bypass admin password reset
Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password...
CVE-2022-30624
CVE-2022-30624 affects Chcnav P5E GNSS. Browsing the admin.html page allows resetting the admin password, and the capability is also present in the JavaScript code for the password. This vulnerability is documented across multiple sources (NVD, CVE List, CNNVD, PRION/PRIO pages, ENISA EUVD) indic...
CVE-2022-30622 Chcnav - P5E GNSS Information disclosure
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Impact Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager Relates to - https://github.com/artf/grapesjs/issues/4411 Patch Update GrapeJS dependency to =v0.19.5...
parse-url cross-site scripting vulnerability
parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...
parse-url cross-site scripting vulnerability
parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from a last fix can be bypassed and can be exploited by an attacker to place any malicious JS code on a web page...