CVE-2022-4361
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri...
Trend Micro Apex Central Cross-Site Scripting Vulnerability
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Xenforo Version 2.2.13 - Authenticated Stored XSS Vulnerability
Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Exploit Author: Furkan Karaarslan Category: Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE: ...
Stored XSS
Description: The application contains a stored XSS vulnerability, which allows an attacker to inject and execute malicious scripts within the application. The vulnerability occurs due to improper input validation and output encoding mechanisms, which fail to adequately sanitize and encode...
WordPress Theme WoodMart Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme WoodMart 7.2.1 and earlier...
WordPress Plugin WOLF Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-21607 · Unknown · Wp Chill Brilliance
Name of the Vulnerable Software and Affected Versions: WP Chill Brilliance theme versions prior to 1.3.1 Description: A Stored Cross-Site Scripting (XSS) vulnerability exists, allowing authenticated users with subscriber or higher privileges to inject malicious scripts. Recommendations: For WP Chil...
SAP CRM ABAP Cross-Site Scripting Vulnerability
SAP CRM is a customer relationship management system from SAP in Germany. A cross-site scripting vulnerability exists in SAP CRM ABAP, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack a user session when...
Stored XSS on user "Edit own profile" function
Description: An attacker can inject malicious executable scripts into the code of the Social media field. Proof of Concept: Log in as a Member user, access My profile - Edit own profile, insert this payload into any field: " autofocus onfocus=prompt(document.domain) then click Save. Access the...
What is a web shell?
Editor's note: The Need to Know is a new series from Talos, which focuses on cybersecurity terms, threats, tools and tactics that are discussed in our broader threat research. Think of this as a living encyclopedia of security terms and trends. Cisco Talos Incident Response recently released our...
PT-2023-22812 · Iris-Web · Iris-Web
Name of the Vulnerable Software and Affected Versions: iris-web versions prior to 2.2.1 Description: A stored Cross-Site Scripting (XSS) issue has been identified, allowing an attacker to inject malicious scripts into the application. These scripts are executed when a user visits the affected...
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross-Site Scripting (XSS). The content of an article published from the front end is filtered only in the front end (client side), not in the back end, which allows attackers to publish an article containing malicious JavaScript by modifying the reque...
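Two of the entries above describe the same two mistakes from opposite ends: the "Edit own profile" report shows a stored value breaking out of an HTML attribute (the `" autofocus onfocus=prompt(document.domain)` payload, parentheses restored), and the jizhicms entry shows filtering that runs only in the browser and is therefore skipped by anyone who edits the request. The Python below is an added example written for this page, not code from any of the listed projects; the render functions, the stand-in front-end filter and the article payload are constructed here. It uses the standard-library HTML parser to show which attributes a browser would actually see after each rendering.

```python
"""Attribute-context stored XSS: raw interpolation vs. output encoding.

Added example, not taken from any advisory on this page. The render
functions and frontend_only_filter() are assumptions constructed to
illustrate the two failure modes described in the entries above.
"""
import html
import re
from html.parser import HTMLParser

# Payload shape quoted in the "Edit own profile" report above: the leading
# quote closes value="...", autofocus makes the onfocus handler fire without
# any user interaction.
PROFILE_PAYLOAD = '" autofocus onfocus=prompt(document.domain)'

# Constructed article body for the front-end-only-filter case: no <script>
# tag at all, so a script-stripping filter lets it straight through.
ARTICLE_PAYLOAD = '<img src=x onerror=alert(document.cookie)>'


class AttrCollector(HTMLParser):
    """Records every (tag, attribute-name) pair the parser produces."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            self.attrs.append((tag, name.lower()))


def attributes_in(markup: str):
    """All attributes in the rendered markup, in document order."""
    p = AttrCollector()
    p.feed(markup)
    p.close()
    return p.attrs


def event_handlers_in(markup: str):
    """Any on* attribute is a script execution point; a safe render has none."""
    return [(t, a) for t, a in attributes_in(markup) if a.startswith("on")]


def render_profile_field_vulnerable(value: str) -> str:
    # Stored value dropped straight into the attribute: the payload's quote
    # terminates value="" and the remainder becomes new attributes.
    return f'<input type="text" name="social" value="{value}">'


def render_profile_field_fixed(value: str) -> str:
    # Encode for the attribute context. quote=True turns both " and ' into
    # entities, so the stored value can never terminate the attribute.
    return f'<input type="text" name="social" value="{html.escape(value, quote=True)}">'


def frontend_only_filter(body: str) -> str:
    # Stand-in for a browser-side filter (assumption): strips <script>
    # blocks and nothing else. An attacker who edits the request in a proxy
    # never runs it, and even when it runs, an event handler on <img> passes.
    return re.sub(r"(?is)<script\b.*?</script>", "", body)


def server_render_vulnerable(body: str) -> str:
    # Server trusts that the client already filtered the article body.
    return f'<div class="article">{body}</div>'


def server_render_fixed(body: str) -> str:
    # Server encodes on output regardless of what the client did. If rich
    # text is a requirement, an allow-list HTML sanitizer belongs here instead.
    return f'<div class="article">{html.escape(body, quote=True)}</div>'


if __name__ == "__main__":
    cases = [
        ("profile/vulnerable", render_profile_field_vulnerable(PROFILE_PAYLOAD)),
        ("profile/fixed", render_profile_field_fixed(PROFILE_PAYLOAD)),
        ("article/vulnerable", server_render_vulnerable(frontend_only_filter(ARTICLE_PAYLOAD))),
        ("article/fixed", server_render_fixed(ARTICLE_PAYLOAD)),
    ]
    for label, markup in cases:
        print(f"{label:20} handlers={event_handlers_in(markup)}")
        print(f"{'':20} {markup}")
```

The check worth keeping from this is `event_handlers_in()`: run it over server-rendered output in a test suite with a handful of breakout payloads (double quote, single quote, unquoted attribute, `>` to close the tag) and assert the list is empty. A filter that lives only in client-side JavaScript, as in the jizhicms case, contributes nothing to that assertion because the server's output is the same whether or not the filter ran.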
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application...
CVE-2023-2509 A Cross-Site Scripting(XSS) vulnerability was found on ADM
A Cross-Site Scripting (XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application...
CVE-2023-30860 WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
In AVideo, a normal user can make a Meeting Schedule where the user can invite another user to that Meeting, but I found out that it did not properly sanitize the malicious characters when creating a Meeting Room. This allows the attacker to insert malicious scripts. Impact: Since any USER including...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in a denial-of-service (DoS) condition...
Cross site scripting
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through...
CVE-2023-27990
The CVE-2023-27990 XSS vulnerability affects Zyxel devices (ATP, USG FLEX series, USG FLEX 50(W), USG20(W)-VPN, VPN series) with versions ranging from 4.x to 5.x. An authenticated administrator could store malicious scripts that execute when visiting the device GUI Logs page. Affected components ...