Exploit for Cross-site Scripting in Seafile
CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...
CVE-2021-24162
In the Responsive Menu free and Pro WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in...
Cross-site request forgery (CSRF)
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into...
CVE-2021-24162 Responsive Menu < 4.0.4 - CSRF to Settings Update
In the Responsive Menu free and Pro WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. The Contact Form 7 Style WordPress plugin through 3.1.9 suffers from a cross-site request forgery vulnerability that ste...
Wiki.js Cross-Site Scripting Vulnerability
Wiki.js is a suite of open source Wiki software from the Requarks.io team based on Node.js and written in JavaScript. Wiki.js before version 2.5.191 contains a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious JavaScript while another user is viewing the...
Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A cross-site scripting vulnerability...
Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS
The plugin was being actively exploited, allowing low-privilege users to use the floimportformsoptions AJAX action to import new options and inject malicious JavaScript code in the backend...
CVE-2021-21079
Adobe Connect version 11.0.7 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing t...
Mail.ru: Stored xss in calendar via call link
Call link URI schema in calendar.mail.ru web application was filtered improperly, allowing malicious javascript: links...
Sourcecodester Web Based Quiz System Cross-Site Scripting Vulnerability
Sourcecodester Web Based Quiz System is an open source application from Sourcecodester, used as a simple web-based project. Sourcecodester Web Based Quiz System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript code...
NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
In the eCommerce module of NextGEN Gallery Pro, there is an action that calls getcartitems via photocratiajax; after that, the settingsshippingaddressname parameter can be used to inject malicious JavaScript. PoC: On a page where a NextGEN Pro gallery is embedded:...
Cross-site Scripting (XSS)
Overview: @stoplight/markdown is a set of useful functions for working with Markdown. It leverages the Unified / Remark ecosystem under the hood. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to inject malicious JavaScript as part of the markdown feature of...
b2evolution 6.11.6 - 'tab3' Reflected XSS
Exploit Title: b2evolution 6.11.6 - 'tab3' Reflected XSS CVE: CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version...
CVE-2020-22841
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...
GHSA-3CRJ-W4F5-GWH4 Processing untrusted theming resources might execute arbitrary code (ACE)
Impact: When processing theming resources (i.e., .less files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...
Cross-site scripting
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php in the SetHomePage function. Due to a lack of controller validation of the "path" parameter, an attacker can execute malicious JavaScript code...
MISP Cross-Site Scripting Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.128. The vulnerability ste...
Caret Editor Input Validation Error Vulnerability
Caret Editor is a Markdown file editor from Caret. Caret Editor before 4.0.0-rc22 suffers from an input validation error vulnerability that stems from a specially crafted Markdown document that could lead to the execution of malicious JavaScript code in the insertion symbol editor...