3245 matches found

Cvelist
added 2022/01/13 8:27 p.m. | 15 views

CVE-2021-43764 Adobe Experience Manager Stored XSS in the Spin Set

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 8 | AI score 7.4 | EPSS 0.02421
Exploits 0 | References 1

Cvelist
added 2022/01/13 8:27 p.m. | 14 views

CVE-2021-44177 Adobe Experience Manager Stored XSS in user name parameter in the package manager

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 8.1 | AI score 7.5 | EPSS 0.03502
Exploits 0 | References 1

Huntr
added 2022/01/11 12:42 p.m. | 11 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Stored xss Proof of Concept txt onmouseover="alert1"link Video : https://drive.google.com/file/d/1WzArNdgXgjVOS6qsePRvGWIz6ljtxApx/view?usp=sharing Impact Through this vulnerability, an attacker is capable to execute malicious scripts...

AI score 0.7
Exploits 0

Hacker One
added 2022/01/11 8:50 a.m. | 40 views

U.S. Dept Of Defense: CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. CAS is vulnerable to a Reflected Cross-Site Scripting attack, via POST requests sent to the REST API endpoints. The payload could be injected on URLs: /███████/. Malicious scripts can be submitted to CAS via...

CVSS 4.3 | AI score 0.9 | EPSS 0.48889
Exploits 0

Huntr
added 2022/01/10 4:48 a.m. | 14 views

Cross-site Scripting (XSS) - Generic in projectsend/projectsend

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

AI score 0.2
Exploits 0

Github Security Blog
added 2022/01/08 12:32 a.m. | 27 views

Cross-site Scripting in DayByDay CRM

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

CVSS 5.4 | AI score 4.3 | EPSS 0.00206
Exploits 0 | References 4 | Affected Software 1

OSV
added 2022/01/08 12:32 a.m. | 13 views

GHSA-JR37-66PJ-36V7 Cross-site Scripting in DayByDay CRM

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

CVSS 5.4 | AI score 5.1 | EPSS 0.00206
Exploits 0 | References 4

OSV
added 2022/01/06 8:35 p.m. | 23 views

GHSA-PQHQ-XX62-2V2P Cross-site scripting in Apache NiFi

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...

CVSS 6.1 | AI score 5.8 | EPSS 0.00407
Exploits 0 | References 3

NVD
added 2022/01/05 3:15 p.m. | 9 views

CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

CVSS 5.4 | EPSS 0.00206
Exploits 0 | References 2

Cvelist
added 2022/01/05 3:5 p.m. | 11 views

CVE-2022-22109 DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

CVSS 5.4 | AI score 5.3 | EPSS 0.00206
Exploits 0 | References 2

Prion
added 2022/01/04 9:15 p.m. | 12 views

Cross site scripting

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...

CVSS 3.5 | AI score 5.3 | EPSS 0.00469
Exploits 1 | References 4 | Affected Software 1

Prion
added 2022/01/04 9:15 p.m. | 10 views

Design/Logic Flaw

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

CVSS 3.5 | AI score 5.3 | EPSS 0.00228
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2022/01/04 8:40 p.m. | 6 views

CVE-2022-21649 Stored XSS via attribute in convos

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...

CVSS 7.6 | AI score 7.3 | EPSS 0.00469
Exploits 1 | References 4

OSV
added 2022/01/04 8:40 p.m. | 20 views

CVE-2022-21649 Stored XSS via attribute in convos

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...

CVSS 7.6 | AI score 5.3 | EPSS 0.00469
Exploits 1 | References 6

CVE
added 2022/01/04 8:40 p.m. | 58 views

CVE-2022-21649

Convos (open source multi-user web chat) is affected by a Stored XSS in chat messages. The vulnerability arises because escaping exists for but not for double quotes, enabling attacker-controlled scripts via the chat window (e.g., injected by https:// links that become tags). The root cause is ...

CVSS 7.6 | AI score 5.7 | EPSS 0.00469
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2022/01/04 8:40 p.m. | 14 views

CVE-2022-21649 Stored XSS via attribute in convos

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...

CVSS 7.6 | AI score 7.4 | EPSS 0.00469
Exploits 1 | References 4

Vulnrichment
added 2022/01/04 8:40 p.m. | 4 views

CVE-2022-21650 Stored XSS via html file upload in convos

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

CVSS 7.6 | AI score 7.2 | EPSS 0.00228
Exploits 1 | References 4

Huntr
added 2021/12/31 7:54 p.m. | 13 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description When editing your profile, you can create social media links. However, the stored XSS vulnerability using the autofocus and onfocus attributes occurs because the double-quote is not URL-encoded in the input value of the social media link. Proof of Concept txt 1. Open the...

AI score 0.6
Exploits 0

Veracode
added 2021/12/15 7:40 a.m. | 15 views

Cross-site Scripting (XSS)

snipe/snipe-it is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization of user input which allows an attacker to inject malicious scripts during Web Page Generation...

CVSS 6.1 | AI score 2.5 | EPSS 0.00225
Exploits 1 | References 3 | Affected Software 1

Huntr
added 2021/12/14 3:2 p.m. | 17 views

Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

CVSS 4.3 | EPSS 0.00206
Exploits 1