Cross-Site Scripting (XSS)

magento/community-edition is vulnerable to a stored Cross-site scripting XSS vulnerability. The vulnerability is due to insufficient input sanitization, allowing an authenticated user to inject malicious JavaScript into the name of the main website, which can then execute in the context of other...

Carbon Forum 5.9.0 - Stored XSS Vulnerability

Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS vulnerability was...

CVE-2024-36214

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36206

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-36205

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36182

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26114

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

CVE-2024-26092

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26054

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36211

CVE-2024-36211 affects Adobe Experience Manager (AEM) 6.5.20 and earlier, with a reflected cross-site scripting (XSS) vulnerability. A low-privilege attacker can lure a victim to a URL that references a vulnerable page, causing malicious JavaScript to execute in the victim’s browser. The vulnerab...

CVE-2024-36201

Adobe Experience Manager 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields that could allow an attacker to inject and execute malicious JavaScript in a victim’s browser when visiting a page containing the field. The issue is documented ...

CVE-2024-36177 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36162

CVE-2024-36162 affects Adobe Experience Manager (AEM) 6.5.20 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing an attacker to inject malicious scripts that execute in a victim’s browser when they visit the affected page. The vulnerabil...

CVE-2024-36169

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields, enabling attackers to inject malicious JavaScript that executes in a victim’s browser when visiting the page containing the field. Root cause: stored XSS ...

CVE-2024-26121 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36142 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26086 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...

Carbon Forum 5.9.0 Cross Site Scripting

Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...

CVE-2024-3850

Affected product: Uniview NVR301-04S2-P4. Vulnerability: reflected cross-site scripting (XSS) via the PATH of LAPI. Root cause: improper neutralization of input during web page generation (CWE-79), with XSS possible on pages under /LAPI/. Some sources note authentication is required; others indic...

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...