37 matches found
Exploit for CVE-2024-4041
CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%...
EUVD-2005-2139
Malware in sbrugna...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers (onmouseover) to be uploaded...
CVE-2005-2138
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via JavaScript in the onMouseOver event of an "A" tag in a review message...
Cross-Site Scripting (XSS)
silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate input validation, allowing an attacker to embed malicious JavaScript through onmouseover or onmouseout attributes in the WYSIWYG editor...
PT-2024-12285 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions 1.7.44 and before. Description: A cross-site scripting (XSS) vulnerability allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. Recommendations: For Gra...
Grav Cross-Site Scripting Vulnerability
Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms, and one-page product displays. A cross-site scripting vulnerability exists in Grav 1.7.44 and earlier versions that could allow an authenticated, remote attacker to execute arbitrary web...
PT-2023-33004 · Tinymce +1 · Tinymce +1
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 20.2.0; OpenMage magento-lts versions prior to 20.2.0. Description: The TinyMCE WYSIWYG editor fails to filter scripts when rendering HTML in specially crafted HTML tags, allowing for potential exploitation. This issue...
CVE-2023-23637
CVE-2023-23637 affects IMPatienT before 1.5.2. It allows stored XSS via onmouseover in certain text fields within PATCH /modify_onto to the ontology builder, potentially leading to disclosure of Protected Health Information. CVSS v3.1 base score 7.6 (HIGH), vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:...
Happyforms < 1.22.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Forms" Gutenberg...
CVE-2021-41823
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism...
Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. Exploit...
Form Maker < 1.13.60 - Authenticated Stored XSS
The plugin does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. Create or edit a form and add the following payload in the Form Title field "autofocus onmouseover=alert/XSS///...
CVE-2018-1000848
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appears to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...
Cross site scripting
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appears to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...
CVE-2018-13849
editrequests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace...
tamilchristianshop.com XSS vulnerability
Open Bug Bounty ID: OBB-547922; Affected Website: tamilchristianshop.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
CVE-2017-8103
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event...
dx.com XSS vulnerability
Vulnerable URL: http://www.dx.com/s/123?PriceIntvl=1-94=100' onmouseover=alert/xssposed/=AvgRating=2; Patched: Yes, at 18.01.2016; Latest check for patch: 18.01.2016 04:31 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 1667...