
2167 matches found

Veracode
added 2023/01/21 12:44 a.m., 30 views

Cross-site Scripting (XSS)

jenkins-2-plugins is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly escape the descriptions of test results, allowing an attacker with Run/Update permission to inject and execute malicious JavaScript...

CVSS 5.4, AI score 6.3, EPSS 0.43618
Exploits 0, References 4, Affected Software 1

Veracode
added 2023/01/20 2:33 a.m., 20 views

Cross-site Scripting (XSS)

dompurify is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript via nested headlines...

AI score 4.2
Exploits 0

Veracode
added 2023/01/18 12:35 a.m., 13 views

Cross-site Scripting (XSS)

vova07/yii2-fileapi-widget is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript via the vulnerable run function in UploadAction.php...

CVSS 6.1, AI score 5.8, EPSS 0.00378
Exploits 0, References 4, Affected Software 1

Veracode
added 2023/01/15 9:36 p.m., 16 views

Cross-site Scripting (XSS)

djangoucamlookup is vulnerable to Cross-Site Scripting (XSS) attacks. The invocation of jQuery select2 to provide searchable dropdowns does not sanitize data coming from the lookup, allowing an attacker to inject and execute malicious JavaScript through the formatResult function of the Lookup component...

CVSS 6.1, AI score 1.8, EPSS 0.00251
Exploits 0, References 5, Affected Software 1

Veracode
added 2023/01/13 4:37 a.m., 13 views

Cross-site Scripting (XSS)

xataface is vulnerable to cross-site scripting. The vulnerability exists in installform.js.php due to a lack of sanitization in the PHP elements, which allows an attacker to inject and execute malicious JavaScript...

CVSS 6.1, AI score 2.7, EPSS 0.00303
Exploits 0, References 5, Affected Software 1

Vulnrichment
added 2023/01/12 4:44 p.m., 6 views

CVE-2022-40983

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page t...

CVSS 8.8, AI score 8, EPSS 0.0084
Exploits 1, References 1

Veracode
added 2023/01/05 1:36 a.m., 19 views

Cross-site Scripting (XSS)

util-varexport is vulnerable to cross-site scripting. The vulnerability exists in multiple functions of ViewExportedVariablesServlet.java, which do not properly escape the n-gram indexes in JSON before they are rendered, allowing an attacker to inject and execute malicious JavaScript...

CVSS 5.4, AI score 5.6, EPSS 0.00299
Exploits 0, References 5, Affected Software 1

Veracode
added 2023/01/04 10:06 a.m., 21 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the index.ts file, which allows an attacker to inject and execute malicious JavaScript...

CVSS 5.4, AI score 5.4, EPSS 0.00302
Exploits 1, References 4, Affected Software 1

Veracode
added 2023/01/04 4:31 a.m., 20 views

Cross-site Scripting (XSS)

trafficserver is vulnerable to improper input validation. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript...

CVSS 6.1, AI score 6.6, EPSS 0.08233
Exploits 0, References 2, Affected Software 1

Veracode
added 2023/01/03 9:05 a.m., 19 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored cross-site scripting (XSS) attacks. The vulnerability exists due to unchecked file uploads via the Resource endpoint, allowing an attacker to inject and execute malicious JavaScript...

CVSS 5.4, AI score 5.6, EPSS 0.0023
Exploits 1, References 5, Affected Software 1

Veracode
added 2023/01/03 8:47 a.m., 30 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored cross-site scripting attacks. When a user uploads a file with a .svg extension and accesses it directly, the server responds with content-type: image/svg+xml, leading to the SVG being processed as HTML and allowing an attacker to inject malicious JavaScript...

CVSS 5.4, AI score 5.1, EPSS 0.00336
Exploits 1, References 5, Affected Software 1

CNVD
added 2022/12/26 12:00 a.m., 33 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-00009)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 5.3, EPSS 0.02166
Exploits 0, References 1

Huntr
added 2022/12/24 8:32 a.m., 121 views

Stored XSS via XML File

Description: When a user uploads a file with an .xml extension and accesses this file directly, the server responds with Content-type: image/svg+xml, leading to the XML being processed as an HTML file. POC: POST /flatpress-master/admin.php?p=uploader&action=default HTTP/1.1 Host: localhost Content-Length: 639 Origin:...

AI score 9.4
Exploits 0, References 2

CNNVD
added 2022/12/22 12:00 a.m., 1 view

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4, AI score 6, EPSS 0.02166
Exploits 0, References 2

Vulnrichment
added 2022/12/21 1:21 a.m., 8 views

CVE-2022-42354 AEM Reflected XSS Arbitrary code execution

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4, AI score 5, EPSS 0.01739
Exploits 0, References 1

Cvelist
added 2022/12/21 1:21 a.m., 17 views

CVE-2022-44463 AEM Reflected XSS Arbitrary code execution

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4, AI score 5.9, EPSS 0.01739
Exploits 0, References 1

Vulnrichment
added 2022/12/21 1:21 a.m., 6 views

CVE-2022-42364 AEM Reflected XSS Arbitrary code execution

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4, AI score 5, EPSS 0.01739
Exploits 0, References 1

Vulnrichment
added 2022/12/21 1:21 a.m., 6 views

CVE-2022-35695 AEM Reflected XSS Arbitrary code execution

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4, AI score 5, EPSS 0.01739
Exploits 0, References 1

Vulnrichment
added 2022/12/21 1:21 a.m., 6 views

CVE-2022-44471 AEM Reflected XSS Arbitrary code execution

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4, AI score 5, EPSS 0.01739
Exploits 0, References 1

Packet Storm
added 2022/12/21 12:00 a.m., 268 views

Senayan Library Management System 9.2.2 Cross Site Scripting

Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server
Author: nu11secur1ty
Date: 12.21.2022
Vendor: https://slims.web.id/web/
Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2
Reference:...

AI score 7.4
Exploits 0