2167 matches found

Veracode
added 2022/02/10 5:44 a.m., 23 views

Cross-site Scripting (XSS)

ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the output parameters in main.php and serversList.php, allowing an attacker to inject and execute malicious javascript...

CVSS 5.4, AI score 3.9, EPSS 0.00281
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2022/02/07 10:33 p.m., 21 views

Cross-site Scripting (XSS)

spip is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the malicious SVG file...

CVSS 5.4, AI score 2, EPSS 0.00278
Exploits: 0, References: 4, Affected Software: 2

Veracode
added 2022/02/07 6:45 p.m., 43 views

Cross-site Scripting (XSS)

python-django is vulnerable to cross-site scripting. The {% debug %} template tag in the library does not properly encode the current context, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1, AI score 2.8, EPSS 0.00554
Exploits: 1, References: 13, Affected Software: 4

NVD
added 2022/02/04 11:15 p.m., 17 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

CVSS 8.3, EPSS 0.50799
Exploits: 3, References: 2

Prion
added 2022/02/04 11:15 p.m., 18 views

Design/Logic Flaw

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

CVSS 4.3, AI score 6.2, EPSS 0.50799
Exploits: 3, References: 2, Affected Software: 1

Vulnrichment
added 2022/02/04 10:29 p.m., 9 views

CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

CVSS 8.3, AI score 8.3, EPSS 0.50799
Exploits: 3, References: 2

CNVD
added 2022/01/21 12:00 a.m., 18 views

F5 NGINX Controller API Code Injection Vulnerability

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

CVSS 5.5, AI score 1.9, EPSS 0.00247
Exploits: 0, References: 1

Veracode
added 2022/01/20 6:45 a.m., 14 views

Cross-site Scripting (XSS)

cypress-orchardcore is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the menu editing function of the library...

CVSS 5.4, AI score 2.2, EPSS 0.00158
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2022/01/20 4:41 a.m., 19 views

Cross-Site Scripting (XSS)

orchardcore is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the special characters before it outputs them to the front end, allowing an attacker to inject and execute malicious javascript on the victim's browser...

CVSS 5.4, AI score 5.3, EPSS 0.00195
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2022/01/13 9:15 p.m., 1 views

CVE-2021-44178

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be...

CVSS 6.1, AI score 6.3, EPSS 0.02816
Exploits: 0, References: 1

Veracode
added 2022/01/07 10:36 a.m., 13 views

Cross-site Scripting (XSS)

org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting (XSS). The library does not properly escape the user input parameters in UrlTestPortlet, allowing a remote attacker to inject and execute malicious javascript...

CVSS 6.1, AI score 4.7, EPSS 0.0601
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2022/01/07 3:41 a.m., 13 views

Cross-site Scripting (XSS)

applicant-mvcbean-cdi-jsp-portlet is vulnerable to cross-site scripting. The library does not properly escape the user input parameters in confirmation.jspx, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1, AI score 4.7, EPSS 0.0601
Exploits: 0, References: 3, Affected Software: 1

ThreatPost
added 2022/01/04 8:33 p.m., 20 views

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

UPDATE A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance. According to Palo Alto Networks’ Unit 42 division, researchers noticed that most of the activity affected...

AI score 6.8
Exploits: 0, References: 8

0day.today
added 2022/01/04 12:00 a.m., 192 views

Projeqtor 9.3.1 Cross Site Scripting Vulnerability

Exploit Title: Projeqtor v9.3.1 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3.1 Exploit Description...

AI score 7.4
Exploits: 0

Huntr
added 2022/01/02 2:51 p.m., 14 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. Proof of Concept 1 Visit "Contact Us" page and put in Message field. Cli...

CVSS 3.5, AI score 2.4, EPSS 0.0021
Exploits: 1

Debian CVE
added 2021/12/30 1:40 p.m., 21 views

CVE-2021-43861

Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...

CVSS 7.2, AI score 6.2, EPSS 0.00493
Exploits: 0

CNVD
added 2021/12/29 12:00 a.m., 16 views

NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability

NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...

CVSS 6.1, AI score 6, EPSS 0.0021
Exploits: 1, References: 1

CNVD
added 2021/12/13 12:00 a.m., 20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

CVSS 6.1, AI score 0.6, EPSS 0.00374
Exploits: 0, References: 1

NVD
added 2021/12/08 12:15 p.m., 8 views

CVE-2021-41029

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...

CVSS 6.4, EPSS 0.00406
Exploits: 0, References: 1

Prion
added 2021/12/08 12:15 p.m., 17 views

Cross site scripting

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests...

CVSS 3.5, AI score 5.8, EPSS 0.002
Exploits: 0, References: 1, Affected Software: 1