2167 matches found
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...
Cross-site Scripting (XSS)
rollout-ui is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly escape the feature's name attribute in the "Do you really want to delete" confirmation dialogue shown when the user clicks Delete, which allows an attacker to inject and execute malicio...
Cross-Site Scripting (XSS)
org.xwiki.commons:xwiki-commons-xml is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape arbitrary HTML code before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Stored Cross-Site Scripting (XSS)
apacheairflow is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The library uses template literals to construct HTML elements, which allows an attacker to execute malicious JavaScript in the victim's browser through XSS payloads stored on the application server...
Cross-site Scripting (XSS)
opentsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to insufficient validation of parameters reflected in error messages in the internalError and badRequest functions of HttpQuery.java, which allows an attacker to inject and execute malicious JavaScript through th...
Cross Site Scripting in OpenTSDB
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
CVE-2023-25827
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
Arbitrary Code Execution
jena-arq is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the insufficient validation of user scripting queries in the library, which allows an attacker to inject and execute malicious JavaScript via a SPARQL query when invoking custom scripts...
Stored Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists due to improper sanitization in the adminlog of stat.adminlog.php, which allows an attacker to inject and execute malicious JavaScript through the $text attribute...
Cross-Site Scripting (XSS)
editor.md is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end as a crafted script through the editor parameter, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross site scripting
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page...
Code injection
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
CVE-2023-0157 All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
WordPress plugin All-In-One Security cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Online Computer and Laptop Store cross-site scripting vulnerability
Online Computer and Laptop Store is an online computer and laptop sales system. Online Computer and Laptop Store version 1.0 contains a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript scripts...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before it is output to the front end due to the use of the FILTER_UNSAFE_RAW filter, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The library does not properly escape user input passed through the $editData parameter in configuration.php before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Stagtools < 2.3.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Create a Post and add a Shortcode. 2...
Cross-Site Scripting (XSS)
github.com/gophish/gophish is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser via a crafted landing page...
CVE-2023-22269
Experience Manager versions 6.5.15.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...