Projeqtor 9.3.1 Cross Site Scripting Vulnerability
Exploit Title: Projeqtor v9.3.1 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3.1 Exploit Description...
Cross-site Scripting (XSS) - Stored in microweber/microweber
Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. Proof of Concept 1 Visit "Contact Us" page and put in Message field. Cli...
CVE-2021-43861
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 t...
NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability
NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...
Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...
CVE-2021-41029
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...
Cross site scripting
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious javascript code on the victim's host via crafted HTTP requests...
Fortinet FortiWLM Cross-Site Scripting Vulnerability
Fortinet FortiWLM is a wireless manager from Fortinet, Inc. A cross-site scripting vulnerability exists in Fortinet FortiWLM, which can be exploited by attackers to execute malicious javascript code on the victim's host via a crafted HTTP request...
FortiWeb - Reflected cross-site scripting in error controllers
Multiple improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) issues in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to the device's error handlers...
Cross-site Scripting (XSS)
ckan is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript via SVG file...
CVE-2021-25987
Hexo versions 0.0.1 to 5.4.0 are vulnerable to stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. A local unprivileged attacker can inject arbitrary code...
CVE-2021-25987 Hexo - Stored XSS
Hexo versions 0.0.1 to 5.4.0 are vulnerable to stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. A local unprivileged attacker can inject arbitrary code...
Cross-site Scripting (XSS)
@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because the custom emojis of emoji-button don't escape HTML, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting. The library does not properly escape HTML special characters, allowing an attacker to inject and execute malicious javascript. test...
Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability
Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...
Darwin Factor Cross-Site Scripting Vulnerability
Darwin Factor is a free and open source next-generation TypeScript framework from Darwin, Inc. Darwin Factor has a cross-site scripting vulnerability that stems from reflected cross-site scripting (XSS) via the search parameter in URLs, which can be exploited by unauthenticated...
CVE-2021-42703
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action...
Cross-Site Scripting (XSS)
django-helpdesk is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript...
Montala ResourceSpace Cross-Site Scripting Vulnerability
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A cross-site scripting vulnerability exists in the wordpressuser parameter in plugins/wordpresssso/pages/index.php in versions prior to ResourceSpace 9.6 rev 18290. An attacker could exploit this...
Cross-site Scripting (XSS)
publifycore is vulnerable to cross-site scripting. An attacker with a publisher role can inject and execute malicious javascript while creating a page or article...