2167 matches found
CVE-2023-40047 WS_FTP Server Stored Cross-Site Scripting Vulnerability
In WSFTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WSFTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site...
CVE-2023-4892
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...
Design/Logic Flaw
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...
CVE-2023-4892 Teedy v1.11 - Stored cross-site scripting (XSS)
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp...
Teedy Cross-Site Scripting Vulnerability
Teedy is a French open source, lightweight document management system for individuals and businesses. A security vulnerability exists in Teedy v1.11, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to execute malicious JavaScript code in a web...
PageLayer < 1.7.8 - Author+ Stored XSS
Description: The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC: - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...
Cross site scripting
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer...
Progress MOVEit Transfer Cross-Site Scripting Vulnerability
Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer. An attacker could exploit the vulnerability to execute malicious JavaScript in the victim's browser environment...
CVE-2023-38215 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-38214 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-29306 Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2023-4294
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...
Design/Logic Flaw
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
Technical Analysis by: Thomas Elkins, Natalie Zargarov Contributions: Evan McCann, Tyler McGraw Recently, Rapid7 observed the Fake Browser Update lure tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined a new loader is utilized in order to...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description: The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. PoC: 1. Add a new shortened link in the interface...
CVE-2023-22843
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to bootstrap.php accepting HTML files as an upload, which allows an attacker to inject and execute malicious JavaScript into the browser...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of user input sanitization in the library, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted merge request...