2167 matches found

CNVD
added 2022/03/17 12:0 a.m. | 15 views

Xbtit Cross-Site Scripting Vulnerability

Xbtit is a tracker software. A cross-site scripting vulnerability exists in Xbtit version 3.1. The vulnerability occurs when /ajaxchat/sendChatData.php fails to properly validate the value of the "n" POST parameter. An attacker could exploit this vulnerability to execute malicious JavaScript code...

CVSS 4.3 | AI score 5.9 | EPSS 0.00307
Exploits: 1 | Affected Software: 1

NVD
added 2022/03/16 4:15 p.m. | 14 views

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...

CVSS 6.1 | EPSS 0.00307
Exploits: 1 | References: 3

Cvelist
added 2022/03/16 3:26 p.m. | 14 views

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...

AI score 6 | EPSS 0.00307
Exploits: 1 | References: 3

Veracode
added 2022/03/16 3:25 a.m. | 19 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the pricing rule of online shop in EcommerceFrameworkBundle, image thumbnails in settings, and video thumbnails in settings...

CVSS 5.4 | AI score 1.7 | EPSS 0.00017
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2022/03/12 12:0 a.m. | 2 views

Microweber Cross-Site Scripting Vulnerability

Microweber is a drag-and-drop website builder and CMS based on the PHP Laravel framework. Microweber suffers from a cross-site scripting vulnerability, which can be exploited by attackers to upload . azhtml file e.g. ahtml, bhtml, chtml, ddhtml, as long as it ends in html. After uploading,...

CVSS 8 | AI score 5.4 | EPSS 0.00496
Exploits: 1 | References: 3

Huntr
added 2022/03/11 7:16 p.m. | 6 views

Reflected XSS

Description Privacy Consent in ForkCMS v 5.11.0 Setting unsanitized user input resulting in Reflected XSS. Proof of Concept Endpoint 1 http://IP/private/en/settings/index Step 1 Login to ForkCMS 2 Go to Settings - General 3 Insert payload on "Technical Name" user input at "Privacy Consent" panel...

Exploits: 0

OSV
added 2022/03/09 12:0 a.m. | 16 views

GHSA-5RCC-6CMJ-7728 Cross-site Scripting in BookStack

Iframe tags don't have a sandbox attribute, which allows an attacker to execute malicious JavaScript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevent the content from navigating its top-level browsing context, which will stop this type of...

CVSS 5.4 | AI score 5.6 | EPSS 0.00308
Exploits: 1 | References: 4

Huntr
added 2022/03/05 2:24 p.m. | 31 views

Cross-site Scripting (XSS) - Stored

Description: Iframe tags don't have a sandbox attribute, which allows an attacker to execute malicious JavaScript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevent the content from navigating its top-level browsing context, which will stop thi...

CVSS 3.5 | AI score 2.1 | EPSS 0.00308
Exploits: 1

Veracode
added 2022/02/25 6:59 a.m. | 20 views

Cross-site Scripting (XSS)

@awsui/components-react is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript as the library does not properly sanitize the user input...

CVSS 8.8 | AI score 2.4 | EPSS 0.00391
Exploits: 0 | References: 3 | Affected Software: 1

The Hacker News
added 2022/02/23 6:30 a.m. | 54 views

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question...

AI score 1.2
Exploits: 0

Veracode
added 2022/02/21 10:40 a.m. | 16 views

Cross-site Scripting (XSS)

openmct is vulnerable to cross-site scripting. The library does not properly escape the URL field in the Summary Widget element, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 2.9 | EPSS 0.00328
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2022/02/21 7:29 a.m. | 17 views

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to cross-site scripting. The library has stored XSS at customercompanynameValueParam field in the Chat configuration page allowing an attacker to inject and execute malicious javascript on user's browser, resulting in compromised user accounts...

CVSS 5.4 | AI score 2.9 | EPSS 0.00322
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2022/02/21 12:0 a.m. | 16 views

OTRS cross-site scripting vulnerability (CNVD-2022-13927)

OTRS is an open source defect tracking and management system software. OTRS suffers from a cross-site scripting vulnerability that originates in a dynamic field that can be configured by OTRS administrators, where malicious JavaScript code can be injected in the error message of a regular...

CVSS 4.8 | AI score 4.9 | EPSS 0.00364
Exploits: 0 | References: 1

OSV
added 2022/02/20 7:15 p.m. | 4 views

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable to stored XSS via the “Summary Widget” element, which allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1

Huntr
added 2022/02/17 4:48 p.m. | 29 views

Cross-site Scripting (XSS) - Generic

Description The user-controlled GET user parameter in index.php is unsanitized resulting in Cross-Site Scripting. Proof of Concept Endpoint: GET https://HOST/edit/user File: /web/edit/user/index.phpL11 // Check user argument if empty$GET'user' header"Location: /list/user/"; exit; Request...

CVSS 4.3 | AI score 5.1 | EPSS 0.00313
Exploits: 1

CNVD
added 2022/02/16 12:0 a.m. | 20 views

librenms Cross-Site Scripting Vulnerability (CNVD-2022-12754)

Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates. Librenms suffers from a cross-site scripting vulnerability that stems from a lack of data validation...

CVSS 5.4 | AI score 2.1 | EPSS 0.00026
Exploits: 1 | References: 1

Veracode
added 2022/02/15 7:0 a.m. | 17 views

Cross-site Scripting (XSS)

enshrined/svg-sanitize is vulnerable to cross-site scripting. The library uses HTML in SVG markup, allowing an attacker to inject and execute malicious javascript on victim's browser causing system hangs...

CVSS 6.2 | AI score 2.1 | EPSS 0.00179
Exploits: 0 | References: 3 | Affected Software: 1

Huntr
added 2022/02/13 2:30 a.m. | 22 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...

CVSS 3.5 | AI score 5.3 | EPSS 0.00026
Exploits: 1

Prion
added 2022/02/11 6:15 p.m. | 23 views

Cross site scripting

An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users...

CVSS 3.5 | AI score 5.2 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/02/11 5:40 p.m. | 161 views

CVE-2022-23707

Summary: CVE-2022-23707 is a cross-site scripting (XSS) vulnerability in Kibana index patterns. An authenticated user with permissions to create index patterns could inject malicious JavaScript into an index pattern, potentially executing against other users. Affected versions (per sources): Kiba...

CVSS 5.4 | AI score 5.1 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1