CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

Exponent CMS 跨站脚本漏洞

Exponent CMS is a website content management system provided by the Exponent company, offering capabilities for page management and modular content editing. Version 2.6 of Exponent CMS contains a cross-site scripting vulnerability. This vulnerability stems from storage-based cross-site scripting...

PT-2026-39507

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

Payload-XSS

Payload-XSS Daftar Isi 1. Payload Dasar 1-20payload-...

Mozilla Thunderbird < 78.3

The version of Thunderbird installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...

Mozilla Thunderbird < 78.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...

EUVD-2025-36367

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

EUVD-2010-0002

Malware in sbrugna...

EUVD-2013-1137

Malware in sbrugna...

EUVD-2009-0081

Malware in sbrugna...

EUVD-2012-2559

Malware in sbrugna...

EUVD-2022-4734

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-iframeconfig attribute. An attacker can execute arbitrary JavaScript in the context of the affected site by injecting malicious attributes such as onload or onmouseenter through wikitext. Details...

Linux Distros Unpatched Vulnerability : CVE-2018-6561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. CVE-2018-6561 Note that Nessus relies on the presence of the package as...

Linux Distros Unpatched Vulnerability : CVE-2020-15676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting...

CVE-2022-37044

In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine...

CVE-2017-8899

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...

CVE-2008-7250

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

Cross-Site Scripting (XSS)

ContentTools is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the onload argument in the Image Handler component, allowing an attacker to exploit it...