132 matches found
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-1010028
phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/sendreply/. The attack vector is:...
CVE-2019-3911
Reflected cross-site scripting XSS vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /r2/query endpoints...
PT-2019-16766 · Labkey · Labkey Server Community Edition
Name of the Vulnerable Software and Affected Versions: LabKey Server Community Edition versions prior to 18.3.0-61806.763 Description: A reflected cross-site scripting issue allows an unauthenticated remote attacker to inject arbitrary javascript. This is achieved via the onerror parameter in the...
GHSA-WG85-P6J7-GP3W SimpleMDE XSS Vulnerability
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...
CVE-2018-19057
CVE-2018-19057 affects SimpleMDE 1.11.2. The vulnerability is a cross-site scripting (XSS) issue triggered by an onerror attribute on a crafted IMG element, or by certain input containing [ and ( characters, which is mishandled during the construction of an A element. The issue is described acros...
TeaKKi Cross-Site Scripting Vulnerability
TeaKKi is a team document collaboration software. The software features document synchronization, category management and rights management. A cross-site scripting vulnerability exists in TeaKKi version 2.7. The vulnerability can be exploited by remote attackers to inject arbitrary web script or...
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
Cross site scripting
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
CVE-2018-13433
Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element...
CVE-2018-13339
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
CVE-2018-13065
ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...
Code injection
DISPUTED ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...
CVE-2018-13065
CVE-2018-13065 affects ModSecurity 3.0.0 with a Cross-Site Scripting issue: XSS via an IMG onError attribute. The core detail across connected sources is that an attacker could inject script through an onError on an IMG tag; some sources note a third party disputes applicability without a Core Ru...
ModSecurity 3.0.0 - Cross-Site Scripting
ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...
PT-2018-11565 · Owasp · Modsecurity
Name of the Vulnerable Software and Affected Versions: ModSecurity version 3.0.0 Description: The issue concerns an XSS vulnerability via an onerror attribute of an IMG element. It is noted that a third party has disputed this issue, suggesting it may only apply to environments without a Core Rul...
CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
CVE-2017-5387
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...
Double free
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...