
102 matches found

The Hacker News
added 2022/05/24 9:34 a.m. | 31 views

Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and...

0.2 AI score
Exploits: 0

CNVD
added 2022/03/17 12:0 a.m. | 15 views

Xbtit Cross-Site Scripting Vulnerability

Xbtit is a tracker software. A cross-site scripting vulnerability exists in Xbtit version 3.1. The vulnerability occurs when /ajaxchat/sendChatData.php fails to properly validate the value of the "n" POST parameter. An attacker could exploit this vulnerability to execute malicious JavaScript code...

4.3 CVSS | 5.9 AI score | 0.00307 EPSS
Exploits: 1 | Affected Software: 1

NVD
added 2022/03/16 4:15 p.m. | 14 views

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...

6.1 CVSS | 0.00307 EPSS
Exploits: 1 | References: 3

Cvelist
added 2022/03/16 3:26 p.m. | 14 views

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...

6 AI score | 0.00307 EPSS
Exploits: 1 | References: 3

Huntr
added 2022/02/13 2:30 a.m. | 22 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...

3.5 CVSS | 5.3 AI score | 0.00026 EPSS
Exploits: 1

CNVD
added 2022/01/21 12:0 a.m. | 17 views

F5 NGINX Controller API Code Injection Vulnerability

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

5.5 CVSS | 1.9 AI score | 0.00247 EPSS
Exploits: 0 | References: 1

CNVD
added 2021/12/29 12:0 a.m. | 16 views

NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability

NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...

6.1 CVSS | 6 AI score | 0.0021 EPSS
Exploits: 1 | References: 1

NVD
added 2021/12/08 12:15 p.m. | 8 views

CVE-2021-41029

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests...

6.4 CVSS | 0.00406 EPSS
Exploits: 0 | References: 1

Fortinet
added 2021/12/07 12:0 a.m. | 17 views

FortiWeb - Reflected cross-site scripting in error controllers

Multiple improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) issues in FortiWeb may allow an unauthenticated user to inject malicious JavaScript code into the response webpage via crafted requests to the device's error handlers...

4.3 CVSS | 6.5 AI score | 0.00374 EPSS
Exploits: 0 | Affected Software: 1

0day.today
added 2021/11/17 12:0 a.m. | 412 views

Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability

Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...

6.1 CVSS | 6.5 AI score | 0.03031 EPSS
Exploits: 4

NVD
added 2021/09/05 2:15 p.m. | 5 views

CVE-2021-23439

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...

6.1 CVSS | 0.00412 EPSS
Exploits: 0 | References: 3

Cvelist
added 2021/09/05 2:10 p.m. | 9 views

CVE-2021-23439 Cross-site Scripting (XSS)

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...

4.2 CVSS | 6.4 AI score | 0.00412 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2021/04/06 9:16 a.m. | 110 views

Exploit for Cross-site Scripting in Seafile

CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...

5.4 CVSS | 5.2 AI score | 0.00482 EPSS
Exploits: 1

WPVulnDB
added 2021/03/16 12:0 a.m. | 5 views

Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS

The plugin was being actively exploited, allowing low privilege users to use the floimportformsoptions AJAX action to import new options and inject malicious JavaScript code in the backend...

3.9 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/09 1:9 p.m. | 18 views

CVE-2020-22841

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

5.4 AI score | 0.00445 EPSS
Exploits: 2 | References: 3

Prion
added 2021/01/26 6:15 p.m. | 16 views

Cross site scripting

A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php in the SetHomePage function. Due to a lack of controller validation of the "path" parameter, an attacker can execute malicious JavaScript code...

4.3 CVSS | 7 AI score | 0.0024 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/12/17 11:15 p.m. | 7 views

Privilege escalation

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation)...

6 CVSS | 9 AI score | 0.00612 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/12/17 10:43 p.m. | 13 views

CVE-2020-12517 Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation)...

8.8 CVSS | 9.1 AI score | 0.00612 EPSS
Exploits: 0 | References: 1

NVD
added 2020/11/18 4:15 p.m. | 13 views

CVE-2020-26884

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application...

6.1 CVSS | 6.6 AI score | 0.00469 EPSS
Exploits: 0 | References: 1

Cvelist
added 2020/03/10 7:16 p.m. | 10 views

CVE-2019-19294

A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The web interface of the Control Center Server CCS contains multiple stored Cross-site Scripting XSS vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious...

6.3 CVSS | 5.9 AI score | 0.00216 EPSS
Exploits: 0 | References: 2