533 matches found
CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
CVE-2024-36992 Persistent Cross-site Scripting (XSS) in Dashboard Elements
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...
CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...
iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...
CVE-2023-49575
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...
CVE-2023-49572
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...
Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux / Windows 10...
Savsoft Quiz v6.0 Enterprise - Stored XSS
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...
Savsoft Quiz 6.0 Enterprise Cross Site Scripting
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...
CVE-2022-45592
1 Server Side Request Forgery SSRF, 2 persistant Cross site scripting XSS, and 3 File upload vulnerability...
PT-2023-5296 · Unknown · Mod3Gp-Sy-120K
Name of the Vulnerable Software and Affected Versions: MOD3GP-SY-120K affected versions not specified Description: The web application of MOD3GP-SY-120K contains a persistent cross-site scripting XSS issue. This allows an authenticated remote attacker to inject an XSS payload into the MAIL RCV...
CVE-2023-39370
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-37499
A Persistent Cross-site Scripting XSS vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37500
A Persistent Cross-site Scripting XSS vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...
Cross site scripting
A Persistent Cross-site Scripting XSS vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37501 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Campaign
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37499 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform
A Persistent Cross-site Scripting XSS vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
WinterCMS 1.2.2 Cross Site Scripting
Exploit Title: WinterCMS alertdocument.cookie; //P...
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework CVE-2019-8331 and build a stored cross-site scripting XSS payload...