Cross-site Scripting (XSS)
pimcore/admin-ui-classic-bundle is vulnerable to Cross-site Scripting XSS. The vulnerability exists if an admin user has not set up 2-factor authentication in twofactorsetup.html.twig, which allows an attacker to inject and execute malicious HTML or javascript through the /admin/login/2fa-setup...
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser...
Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
The plugin does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution. As an unauthenticated user access a form containing a File Upload form...
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting XSS Date: 12/21/2022 02:07:23 AM UTC Exploit Author: [email protected] Vendor Homepage: https://www.red-gate.com/ Software Link: https://www.red-gate.com/products/dba/sql-monitor/ Version: SQL Monitor 12.1.31.893 Tested on: Window...
CVE-2023-22288 Email HTML Injection
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...
SUSE-SU-2023:0223-1 Security update for python-setuptools
This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document bsc1206667...
CVE-2023-23949
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...
CVE-2023-23949
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...
SUSE-SU-2023:0094-1 Security update for python36-setuptools
This update for python36-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document bsc1206667...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. Tiny Technologies TinyMCE suffers from a cross-site scripting vulnerability that can be triggered when an attacker serves malicious HTML content to its warning and confirmation...
Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects group...
Heap Buffer Overflow
bash is vulnerable to a heap buffer overflow. The vulnerability exists in the validparametertransform function of subst.c, which allows an attacker to crash the system or potentially exploit heap corruption via a malicious HTML page...
Use After Free
chromium:sid is vulnerable to use after free. It allowed a remote attacker to potentially exploit heap corruption via a malicious HTML page...
Add Client function is vulnerable to stored HTML injection
Description: HTML Injection, also termed “virtual defacement”, is one of the simplest and most common vulnerabilities; it arises when the web page fails to sanitize user-supplied input or validate the output, which allows the attacker to craft his payloads and inject the malicio...
Denial Of Service (DoS)
chromium is vulnerable to denial of service. The vulnerability exists due to an out-of-bounds read in Dawn, allowing an attacker to crash the application by providing a maliciously crafted HTML page...
CVE-2022-34160
IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330...
Phishing Attack
next-auth is vulnerable to phishing attacks. A remote attacker is able to pass a specifically crafted input to the e-mail signin endpoint which contains malicious HTML, tricking the e-mail server to send it to the user which allows the attacker to perform phishing attacks on the victim...
IBM Jazz Team Server Cross-Site Scripting Vulnerability
IBM Jazz Team Server is an application server from IBM Corporation that provides base services enabling a group of tools to work together as a single logical server, and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. An HTML injection vulnerability exist...
Use-After-Free
chromium is vulnerable to use-after-free. The vulnerability exists in performance manager due to heap corruption which allows an attacker to crash the application via a malicious HTML page...