533 matches found
CVE-2018-25039 Thomson TCW710 RgUrlBlock.asp Persistent cross site scriting
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input alert1 as part of POST Request leads to cross site...
CVE-2017-20036 PHPList Bounce Rule Persistent cross site scriting
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...
CVE-2017-20035 PHPList Subscribe Persistent cross site scriting
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...
CVE-2017-20034 PHPList List Name Persistent cross site scriting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
CVE-2022-29408
Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...
CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...
CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...
CVE-2022-29418
Authenticated admin user role Persistent Cross-Site Scripting XSS in Mark Daniels Night Mode plugin = 1.0.0 on WordPress via vulnerable parameters: &ntmodepagesettingenable-me, &ntmodepagesettingbg-color, &ntmodepagesettingtxt-color, &ntmodepagesettinganccolor...
CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin
PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
PT-2022-11246 · Tcman Gim · Tcman Gim
Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.01 Description: The issue allows an attacker to perform persistent XSS attacks using the m txtNom and m txtCognoms parameters. This could be used to carry out browser-based attacks, including browser hijacking or theft of...
CVE-2021-45903
A persistent cross-site scripting (XSS) vulnerability in SuiteCRM’s web interface enables remote injection of arbitrary JavaScript via attachments upload. Affected versions are SuiteCRM before 7.10.35, and 7.11.x, and 7.12.x before 7.12.2. Root cause involves inadequate input handling/sanitizatio...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
CVE-2021-31355
A persistent cross-site scripting XSS vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a...
CVE-2021-39267
Persistent cross-site scripting XSS in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution such...
CVE-2021-38757
Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through contact.php...
CVE-2020-22167
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
Cross site scripting
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
CVE-2020-22167
PHPGurukul Hospital Management System v4.0 contains a persistent cross-site scripting (XSS) vulnerability in hms/admin/appointment-history.php. The issue allows remote registered users to exploit the page to obtain user cookie data, indicating an information disclosure risk via stored or reflecte...
CVE-2020-22167
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Date: 14-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...