CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

Cross site scripting

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability exists due to the insufficient sanitization in the input urls, allowing an attacker to inject and execute malicious javascript when using an older browser with built-in XSS protection is disabled...

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability exists in the old browsers with the XSS protection is disabled, allowing an attacker to inject and execute malicious javascript as the library does not properly escape malicious inputs by default...

parse-url 跨站脚本漏洞

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...

Cross-site Scripting (XSS)

tomcat is vulnerable to cross-site scripting. The vulnerability exists because the user-provided name, value, and type form attributes are not filtered before being displayed on the web page, allowing an attacker to inject and execute malicious javascript...

Dell Wyse Management Suite 跨站脚本漏洞

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. A cross-site scripting vulnerability exists in Wyse Management Suite 3.6.1 and prio...

WordPress Theme Atahualpa 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. WordPress Atahualpa Theme is vulnerable to a cross-site scripting...

Cross-site Scripting (XSS)

nukeviet/nukeviet is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the $preTag parameter in filterTags of Request.php...

GHSA-RM89-9G65-4FFR Insufficient HTML Sanitization

Impact Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views. The problem here stems from multiple issues: - Insufficient...

elFinder <= 2.1.31 XSS Vulnerability

elFinder is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:std42:elfinder";...

Cross-site Scripting (XSS)

typo3/cms-core is vulnerable to cross-site scriptingXSS attacks. A malicious user with a valid backend user account is able to pass harmful HTML content via the form designer backend module of the form framework, allowing an attacker to execute malicious javascript on victim's browser...

Rosariosis Cross-Site Scripting Vulnerability (CNVD-2022-46169)

RosarioSIS Student Information System, designed for school administration, is designed to meet the most important needs of administrators, teachers, support staff, parents, students and clerical staff, however, it also adds many components not normally found in student information systems. versio...

Cross site scripting

The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code...

Cross site scripting in publify

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file...

Cross site scripting in Crafter CMS

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel...

GHSA-77MV-P94F-QCQ4 Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...