3245 matches found
CVE-2021-27479
ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
Code injection
ZOLL Defibrillator Dashboard, versions prior to 2.2: The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
Pagekit Cross-Site Scripting Vulnerability
Pagekit is a modular, lightweight content management system (CMS). Pagekit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...
ZOLL Defibrillator Dashboard Cross-Site Scripting Vulnerability
ZOLL Defibrillator Dashboard is a defibrillator management tool. A cross-site scripting vulnerability exists in versions of ZOLL Defibrillator Dashboard prior to 2.2. An attacker can exploit this vulnerability to inject and execute malicious scripts...
Information Disclosure
@backstage/techdocs-common is vulnerable to information disclosure. An attacker is able to bypass sanitization by uploading documentation content with malicious scripts that would normally be sanitized by the TechDocs frontend, but by tricking a user into visiting the content via the TechDocs API, the...
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
CVE-2021-32660 TechDocs content sanitization bypass
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
Chevereto 3.17.1 - Cross Site Scripting (Stored) Vulnerability
Exploit Title: Chevereto 3.17.1 - Cross Site Scripting Stored Google Dork: "powered by chevereto" Exploit Author: Akıner Kısa Vendor Homepage: https://chevereto.com/ Software Link: https://chevereto.com/releases Version: 3.17.1 Tested on: Windows 10 / Xampp Proof of Concept: 1. Press the Upload...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to smuggle malicious JavaScript without the --unsafe option through HTML entities. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...
IBM Resilient SOAR Code Execution Vulnerability
IBM Resilient is an incident response platform from IBM. The platform supports functions such as incident response process orchestration and incident management. A security vulnerability exists in IBM Resilient SOAR that allows a privileged user to create malicious scripts that can be execut...
CVE-2021-20527
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759...
Code injection
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759...
Liquidfiles Cross-Site Scripting Vulnerability
LiquidFiles is a storage service for large, secure file transfers and sharing for companies and organizations from US-based Liquidfiles, Inc. LiquidFiles 3.4.15 suffers from a cross-site scripting vulnerability that originates from a payload execution on click if a file has no extensi...
CVE-2021-24157
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...
CVE-2021-24157
The CVE-2021-24157 issue affects the Orbit Fox by ThemeIsle WordPress plugin. Affected component: the header/footer script injection feature in Orbit Fox; root cause: no validation of user capabilities (unfiltered_html) before saving script tags, enabling authenticated users with lower privileges to i...
Cross-site Scripting (XSS)
spoon/library is vulnerable to cross-site scripting (XSS) attacks. A specifically crafted string injected through form attribute placeholders allows remote attackers to execute malicious scripts...
GE Grid Solutions UR Cross-Site Scripting Vulnerability
GE Grid Solutions UR is an embedded operating system from GE Grid Solutions, France. It provides high-performance protection, scalable I/O, integrated monitoring and metering, high-speed communications, and extensive programming and configuration capabilities. A cross-site scripting vulnerability...
Exploit for Cross-site Scripting in Digisol Dg-Hr3400_Firmware
CVE-2020-35262: Stored XSS in Digisol DG-HR3400 Router...
Cross-site Scripting (XSS)
s-cart is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script via the search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex...