27 matches found
CVE-2026-44670
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw strings.ReplaceAll(tpl, "$avName", nodeAvName) to embed the name in HTML before pushing to all clients via...
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...
GHSA-78VG-7V27-HJ67 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
Summary Unescaped entity property enables Javascript injection. Details I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...
CVE-2024-29831
CVE-2024-29831 relates to an improper input validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server, potentially enabling remote code execution. Affected: DolphinScheduler; remediation guidance consistentl...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
CVE-2024-4367 POC Usage bash python poc.py malicious.p...
CVE-2024-23320 Apache DolphinScheduler: Arbitrary js execution as root for authenticated users
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...
HTML Injection
ethyca-fides is vulnerable to HTML Injection. The vulnerability arises due to a lack of validation of input coming from connected systems and data stores, which is reflected in the downloaded data. This results in an HTML injection that can be abused to perform phishing attacks or malicious JS executio...
CVE-2023-30736
The CVE-2023-30736 entry concerns Samsung Assistant’s PushMsgReceiver, where improper authorization prior to version 8.7.00.1 allows an attacker to trigger a javascript interface. Affected software is Samsung Assistant on devices supporting versions before 8.7.00.1. The vulnerability requires use...
CVE-2023-22475
CVE-2023-22475 affects Canarytokens. The issue is a Cross-Site Scripting vulnerability in the history page of triggered Canarytokens prior to sha-fb61290, allowing an attacker who discovers an HTTP-based Canarytoken URL to execute JavaScript when the history page is viewed by the token’s creator....
U.S. Department of State: RXSS on https://travel.state.gov/content/travel/en/search.html
Vulnerability description not provided...
Cross site scripting
A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin user who can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...
U.S. Dept Of Defense: Reflected XSS on [█████████]
Summary: Hi security team members, I found a reflected XSS on the URL Impact 1. An attacker can steal the victim's cookies. 2. An attacker can execute JS code. System Hosts █████ Affected Products and Versions CVE Numbers Steps to Reproduce 1. Navigate to this link:-...
Stored XSS by authenticated backend user with access to upload files
Impact Backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload Javascript that would be executed on a path under t...
WebKit - Universal XSS Using Cached Pages
WebKit - Universal XSS Using Cached Pages VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child =...
WebKit - Universal XSS Using Cached Pages Exploit
VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...
Starbucks: Reflected XSS on https://www.starbucks.co.uk/shop/paymentmethod/ (bypass for 227486)
Hi guys, I am now able to prove my concerns from 227486 see my last comment. "s are still not correctly encoded when rendered into the page in the element on almost any https://starbucks.co.uk/ page. The WAF is bypassed by encoding "s as %2522 in the URL path. This won't work when the payload is...
Shopify: Stored passive XSS at scheduled posts (kitcrm.com)
Hello! There is improper filtration of the website link field of a scheduled post. An attacker can intercept the scheduled post creation/modification request and change its content in the following way: http POST /pages/175422/manualposts/31163 HTTP/1.1 Host: kitcrm.com...
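Mao10CMS v3.0.2 stored XSS
Brief description: as per the title. Details: Insufficient filtering. Taking the official site as an example: publishing a new topic in the community successfully loaded the JS. URL: http://www.mao10.com/post-1772.html Then the users' cookies came in... Proof of vulnerability:...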
IPSwitch IMail Server WEB client 12.4 persistent XSS
Exploit for windows platform in category web applications Exploit Title: IPSwitch IMail Server WEB client 12.4 persistent XSS Google Dork: Date: 3 june 2014 Exploit Author: Peru GoSecure! Vendor Homepage: www.ipswitch.com Software Link: http://www.imailserver.com/try/ Version: Tested on 12.3 and...