
2167 matches found

OSV
added 2021/10/25 4:15 p.m. · 11 views

CVE-2021-21319

Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored and later displayed on the self-subscription page. The self-subscription feature can be disabled as a workaround; this is the default state...

CVSS 5.4 · AI score 6.8
Exploits 0 · References 5
Veracode
added 2021/10/22 5:28 a.m. · 17 views

Cross-site Scripting (XSS)

sulu/sulu is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through tag names, as the application does not properly sanitize input HTML...

CVSS 6.2 · AI score 1.1 · EPSS 0.00286
Exploits 0 · References 2 · Affected Software 1
NVD
added 2021/10/18 9:15 p.m. · 8 views

CVE-2021-41156

anuko/timetracker is an open source time tracking system. In affected versions, Time Tracker uses the browsertoday hidden control on a few pages to collect today's date from user browsers. Because this parameter was not checked for sanity in versions prior to 1.19.30.5601, it was possible to craf...

CVSS 6.8 · EPSS 0.00312
Exploits 0 · References 1
Prion
added 2021/10/14 4:15 p.m. · 11 views

Design/Logic Flaw

The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...

CVSS 3.5 · AI score 5.2 · EPSS 0.00171
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2021/10/14 3:56 p.m. · 11 views

CVE-2021-38344 Brizy <= 2.3.11 Authenticated Stored Cross-Site Scripting

The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizyupdateitem AJAX action and adding JavaScript to th...

CVSS 6.4 · AI score 6.2 · EPSS 0.00171
Exploits 1 · References 1
Prion
added 2021/09/27 4:15 p.m. · 21 views

Cross site scripting

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim's browser when they...

CVSS 3.5 · AI score 5.8 · EPSS 0.02148
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/09/27 3:44 p.m. · 18 views

CVE-2021-40714 Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...

CVSS 6.1 · AI score 5.8 · EPSS 0.00882
Exploits 0 · References 1
NVD
added 2021/09/05 2:15 p.m. · 5 views

CVE-2021-23439

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...

CVSS 6.1 · EPSS 0.00412
Exploits 0 · References 3
Cvelist
added 2021/09/05 2:10 p.m. · 9 views

CVE-2021-23439 Cross-site Scripting (XSS)

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...

CVSS 4.2 · AI score 6.4 · EPSS 0.00412
Exploits 0 · References 3
Positive Technologies
added 2021/09/05 12:00 a.m. · 1 view

PT-2021-15525 · Unknown · File-Upload-With-Preview

Name of the Vulnerable Software and Affected Versions: file-upload-with-preview versions prior to 4.2.0. Description: The issue allows a file containing malicious JavaScript code in its name to be uploaded, but this requires a user to be tricked into uploading such a file. Recommendations: For...

CVSS 6.1 · AI score 6.1 · EPSS 0.00412
Exploits 0 · References 8
Prion
added 2021/08/31 4:15 a.m. · 7 views

Cross site scripting

A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECTProvider/, such that when the content is viewed it can only be...

CVSS 4.3 · AI score 6.1 · EPSS 0.00419
Exploits 0 · References 2 · Affected Software 3
OSV
added 2021/08/30 4:18 p.m. · 11 views

GHSA-HGJR-632X-QPP3 Cross-site scripting vulnerability in file upload

There is a cross-site scripting vulnerability in the file upload function of the baserCMS management system. This vulnerability needs to be addressed when the management system is used by an unspecified number of users. If you are affected, please update to the new version as soon as possible...

CVSS 8.7 · AI score 6.6 · EPSS 0.0054
Exploits 0 · References 6
Veracode
added 2021/08/26 3:01 a.m. · 15 views

Cross-site Scripting (XSS)

baserproject/basercms is vulnerable to cross-site scripting. The file upload function on the management system does not escape user-provided data, allowing an attacker to inject and execute malicious JavaScript...

CVSS 8.7 · AI score 3 · EPSS 0.0054
Exploits 0 · References 4 · Affected Software 1
Huntr
added 2021/08/25 12:25 p.m. · 33 views

Cross-site Scripting (XSS) - Reflected in zoujingli/thinkadmin

Description: The application is vulnerable to a reflected XSS attack. Proof of Concept: Open the following page in the browser as admin. The 商品名称 (product name) field is vulnerable to reflected XSS. An alert box is displayed as PoC...

AI score 0.6
Exploits 0 · References 1
Prion
added 2021/07/30 2:15 p.m. · 18 views

Cross site scripting

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious JavaScript payload which would be...

CVSS 3.5 · AI score 5.1 · EPSS 0.00206
Exploits 1 · References 1 · Affected Software 1
ATTACKERKB
added 2021/07/30 12:00 a.m. · 51 views

CVE-2021-35479

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. Recent assessments: NinjaOperator at July 23, 2021 9:42pm UTC reported:...

CVSS 3.5 · AI score 0.7 · EPSS 0.49203
Exploits 2 · References 4
WPVulnDB
added 2021/07/21 12:00 a.m. · 12 views

Google Language Translator < 6.0.10 - Authenticated (author+) Cross-Site Scripting (XSS)

The plugin was vulnerable to Authenticated Cross-Site Scripting (XSS), allowing a user with the Author role to execute malicious JavaScript via the glt shortcode...

AI score 3.3
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/07/19 11:15 a.m. · 0 views

CVE-2021-24452

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

CVSS 6.1 · AI score 5.6
Exploits 0 · References 1
Cvelist
added 2021/07/19 10:53 a.m. · 15 views

CVE-2021-24452 W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

AI score 6 · EPSS 0.03377
Exploits 2 · References 1
Hacker One
added 2021/07/16 12:56 a.m. · 9 views

MTN Group: cross site scripting in mtn.bj

Summary: XSS vulnerability in mtn.bj in file name. Steps To Reproduce: 1. Go to: https://www.mtn.bj/business/ressources/formulaires/plan-de-localisation-de-compte/?next=https://www.mtn.bj/business/ressources/formulaires/formulaire-de-souscription/ 2. Fill all inputs with any data. 3. In file uplo...

AI score 6.9
Exploits 0