3250 matches found
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
PT-2022-17587 · Fava +1 · Fava +1
Name of the Vulnerable Software and Affected Versions: Fava versions prior to 1.22.3 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs due to improper validation on filter conversion. This allows for malicious scripts to be injected into the website,...
Cross-site Scripting (XSS)
markdown-it-decorate is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious scripts via user-provided parameters...
Cross-site Scripting (XSS)
facturascripts/facturascripts is vulnerable to cross-site scripting. Lack of checking for file types for downloads before reading files allows an attacker to inject and execute malicious scripts...
WordPress plugin Copify cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP. A cross-site request forgery vulnerability exists in the WordPress plugin Copify 1.3.0 and prior versions, caused by a missing nonce check on the CopifySettings page. An attacker could exploit this...
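The Copify entry above comes down to a settings form that never verifies an anti-CSRF nonce, so any site a logged-in admin visits can submit the form on their behalf. The following is an added example, not Copify or WordPress code, of the per-user, per-action token check the plugin lacked: the token is an HMAC over the user, the action and an issue timestamp, and verification uses a constant-time compare. The names (`make_csrf_token`, `handle_settings_post`, the `_nonce` field) and the in-memory secret are illustrative assumptions.

```python
"""Added example (not the plugin's code): HMAC-based CSRF token issue/verify."""
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret loaded from configuration in real code,
# generated here so the example runs stand-alone.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 12 * 3600  # seconds a token stays valid (WordPress nonces use a similar window)


def _mac(user_id, action, ts):
    msg = f"{user_id}|{action}|{ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_csrf_token(user_id, action, now=None):
    """Return '<timestamp>.<mac>' bound to this user and this action."""
    ts = str(int(now if now is not None else time.time()))
    return f"{ts}.{_mac(user_id, action, ts)}"


def verify_csrf_token(token, user_id, action, now=None):
    """True only if the MAC matches for this user/action and the token is fresh."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except ValueError:
        return False  # malformed or empty token
    current = now if now is not None else time.time()
    if current - issued > TOKEN_TTL or issued > current + 60:
        return False  # expired, or claims to come from the future
    # Constant-time compare so the check does not leak how many bytes matched.
    return hmac.compare_digest(_mac(user_id, action, ts), mac)


def handle_settings_post(form, session_user, now=None):
    """Simulated settings handler: the CSRF check happens before any state change."""
    if not verify_csrf_token(form.get("_nonce", ""), session_user, "save_settings", now):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: settings saved"


if __name__ == "__main__":
    token = make_csrf_token("admin", "save_settings")
    print(handle_settings_post({}, "admin"))                  # forged request, no token
    print(handle_settings_post({"_nonce": token}, "admin"))   # legitimate form submission
```

The token is bound to the action as well as the user, so a token leaked from one form cannot be replayed against another; the server still has to apply the check on every state-changing request, which is the step the advisory describes as missing.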
GHSA-X78V-4FVJ-RG9J Camaleon CMS Stored Cross-site Scripting vulnerability
In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious...
invoiceninja cross-site scripting vulnerability
invoiceninja is an open source invoicing application built with Laravel and Flutter. invoiceninja suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute malicious scripts...
livehelperchat cross-site scripting vulnerability
livehelperchat is an open source application that provides free live support on a website through live helper chat. A cross-site scripting (XSS) vulnerability exists in livehelperchat versions prior to 3.99, which can be exploited by an attacker to execute malicious JavaScript on the application...
Reflected XSS on clients-registrations endpoint
A POST-based reflected Cross Site Scripting vulnerability has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts in the user's browser. Acknowledgement...
Organizr file upload vulnerability
Organizr is a tab management system designed to be a one-stop front end for servers. Organizr versions prior to 2.1.1810 have a file upload vulnerability that stems from the application's lack of validation of uploaded files, which can be exploited by attackers to upload .svg...
CVE-2022-1346
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1345 Stored XSS via .svg file upload in causefx/organizr
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
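The two Organizr entries (the file upload entry and CVE-2022-1345) describe the same root cause: an SVG is XML, so an "image" upload can carry `<script>`, `onload` handlers or `javascript:` links, and once served inline from the site's origin it runs as stored XSS. The following is an added example, not Organizr's code, of the screening an upload handler can do before accepting an SVG, plus the response headers that make a stored SVG harmless even if screening misses something. The sample SVGs are constructed for the example; function names are assumptions. `xml.etree` is used so the block runs on a bare interpreter; for real untrusted input the `defusedxml` package (a third-party dependency, assumed here) is the safer parser.

```python
"""Added example (not Organizr's code): screen uploaded SVGs for active content."""
import re
import xml.etree.ElementTree as ET  # assumption: swap for defusedxml on untrusted input

# Elements that can execute script or pull in foreign content.
DANGEROUS_TAGS = {"script", "foreignObject", "iframe", "embed", "object", "use", "animate", "set"}
# Attribute values that turn a link into code.
SCHEME_RE = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.I)


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


def svg_findings(data):
    """Return a list of reasons this SVG is unsafe to render inline; [] means clean."""
    findings = []
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        findings.append("DOCTYPE/ENTITY declaration (XXE / entity expansion risk)")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        name = _local(el.tag)
        if name in DANGEROUS_TAGS:
            findings.append(f"<{name}> element")
        if name == "style" and re.search(r"@import|url\s*\(", el.text or "", re.I):
            findings.append("<style> with @import/url() (external fetch)")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler {aname} on <{name}>")
            elif aname == "href" and SCHEME_RE.match(value):
                findings.append(f"{aname}={value!r} on <{name}>")
    return findings


def decide_upload(data):
    """('accept', []) or ('reject', [reasons]) for an uploaded SVG body."""
    findings = svg_findings(data)
    return ("reject", findings) if findings else ("accept", [])


def serve_headers(filename):
    """Headers to attach when returning a stored SVG: download-only, no script, no
    inheritance of the site's origin privileges. Defence in depth for the screener."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{filename}"',
        "Content-Security-Policy": "sandbox; default-src 'none'; style-src 'unsafe-inline'",
        "X-Content-Type-Options": "nosniff",
    }


# Constructed samples for the example.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10" fill="red"/></svg>')
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">'
                 b'<script>alert(1)</script></svg>')
JS_HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
               b'<a xlink:href="javascript:alert(1)"><text>click</text></a></svg>')

if __name__ == "__main__":
    for label, body in [("benign", BENIGN_SVG), ("onload+script", MALICIOUS_SVG), ("js href", JS_HREF_SVG)]:
        print(label, decide_upload(body))
```

The screener is a denylist and should be treated as one; the headers are what actually neutralise a stored SVG, since `Content-Disposition: attachment` stops the browser rendering it as a page and the sandbox CSP strips script and origin even if it is opened directly. Rasterising the upload to PNG on the server is the stricter option when the SVG itself is not needed.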
CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk
Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
UPS VDP: Reflected XSS on https://wwwapps.ups.com/ctc/request?loc=
Summary: Details of the XSS. Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a...
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...