3250 matches found

Veracode
added 2024/05/31 9:18 a.m., 5 views

Cross-Site Scripting

thelia/thelia is vulnerable to Cross-site Scripting. The vulnerability is due to insufficient sanitization within the error.html template of the BackOffice. This allows attackers to inject malicious scripts that can be executed in the browsers of users visiting the affected page...

AI score: 6.9
Exploits: 0

Veracode
added 2024/05/31 8:19 a.m., 9 views

Cross-site Scripting (XSS)

Thelia is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization within the error.html template which allows an attacker to inject and execute malicious scripts...

AI score: 6.8
Exploits: 0

Veracode
added 2024/05/30 6:3 a.m., 8 views

Deserialization Of Untrusted Data

symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious scripts...

AI score: 7.4
Exploits: 0

NVD
added 2024/05/27 5:15 p.m., 21 views

CVE-2024-35236

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in t...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00838
Exploits: 1, References: 5

Veracode
added 2024/05/24 5:42 a.m., 7 views

Cross-Site Scripting

shopware/shopware is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate input sanitization in the frontend, which allows an attacker to inject and execute malicious scripts in the context of a victim’s web browser...

AI score: 7
Exploits: 0

Veracode
added 2024/05/23 10:57 a.m., 8 views

Cross Site Scripting (XSS)

phpxmlrpc/extras is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate input validation within the documentingxmlrpcserver class when processing the GET methodName parameter, which allows attackers to execute malicious scripts in the context of the user's browser,...

AI score: 6.6
Exploits: 0

Veracode
added 2024/05/23 7:10 a.m., 12 views

Cross Site Scripting (XSS)

wwbn/avideo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation, allowing attackers to inject malicious scripts into web pages viewed by other users...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00456
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2024/05/23 6:30 a.m., 16 views

Cross-site Scripting (XSS)

passbolt/passboltapi is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing an attacker to inject malicious scripts into the user's first and last name fields, which execute when the setup link in the invitation email is accessed...

AI score: 6.7
Exploits: 0

Veracode
added 2024/05/22 8:45 a.m., 12 views

Cross Site Scripting (XSS)

survey-core is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of the imageLink property in questionimage.ts, which allows an attacker to execute malicious scripts via setting contentMode=youtube...

CVSS: 6.1, AI score: 6.6, EPSS: 0.0028
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2024/05/21 8:42 p.m., 6 views

Shopware Non-Persistent XSS in the Frontend

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser...

AI score: 5.9
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/05/20 6:43 p.m., 18 views

GHSA-F98P-2HC5-FM7V AVideo cross-site scripting vulnerability in the view/about.php page

The PHP file view/about.php is vulnerable to an XSS issue due to no sanitization of the user agent. At line 53, the website gets the user-agent from the headers through $_SERVER['HTTP_USER_AGENT'] and echoes it without any sanitization. In PHP, echo a user generated statement, here the User-Agent Header...

CVSS: 6.1, AI score: 5.2, EPSS: 0.00456
Exploits: 1, References: 5

Github Security Blog
added 2024/05/20 6:43 p.m., 17 views

AVideo cross-site scripting vulnerability in the view/about.php page

The PHP file view/about.php is vulnerable to an XSS issue due to no sanitization of the user agent. At line 53, the website gets the user-agent from the headers through $_SERVER['HTTP_USER_AGENT'] and echoes it without any sanitization. In PHP, echo a user generated statement, here the User-Agent Header...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00456
Exploits: 1, References: 5, Affected Software: 1

CNVD
added 2024/05/20 12:0 a.m., 8 views

KYKMS Cross-Site Scripting Vulnerability

KYKMS is a knowledge base management system. KYKMS suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when malicious data is viewed...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00455
Exploits: 1, References: 1

Veracode
added 2024/05/15 9:53 a.m., 18 views

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by a lack of proper input sanitization and encoding of user-generated content in the form module. Exploiting this flaw enables attackers to inject and execute malicious scripts...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00502
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2024/05/14 3:38 p.m., 32 views

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

CVSS: 9.6, AI score: 8, EPSS: 0.00963
Exploits: 2, References: 2

OSV
added 2024/05/14 3:14 p.m., 4 views

CVE-2024-28277

In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subjectname= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloa...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00362
Exploits: 0, References: 2

Snyk
added 2024/05/14 9:40 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the order tracking URL. An attacker can manipulate the web page content or hijack user sessions by injecting malicious scripts. Details: Cross-site scripting or XSS is a code vulnerability that occurs whe...

CVSS: 5.7, AI score: 5.3, EPSS: 0.00402
Exploits: 0, References: 2

Veracode
added 2024/05/13 6:46 a.m., 29 views

Cross-Site Scripting (XSS)

froxlor/froxlor is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization of user input in the loginname parameter during failed login attempts, which allows attackers to inject and store malicious scripts that are executed when an administrator views the System...

CVSS: 9.6, AI score: 6.7, EPSS: 0.00963
Exploits: 2

The Hacker News
added 2024/05/09 3:20 p.m., 15 views

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer...

AI score: 6.7
Exploits: 0

Veracode
added 2024/05/08 7:43 a.m., 16 views

Cross-site Scripting (XSS)

MS Basic is vulnerable to a cross-site scripting (XSS) vulnerability. The vulnerability is due to insufficient input sanitization in the search function, allowing attackers to inject malicious scripts into the search input, potentially leading to the execution of arbitrary code in the context of other...

CVSS: 4.1, AI score: 6.4, EPSS: 0.0036
Exploits: 0, References: 3, Affected Software: 1