33 matches found
CKEditor cross-site scripting vulnerability (CNVD-2024-09867)
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4 that an attacker can exploit to execute JavaScript code by abusing a misconfigured preview function...
CKEditor cross-site scripting vulnerability
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4 that an attacker can exploit to execute JavaScript code by abusing a misconfigured preview function...
Cross-site Scripting in Preview function bypass CSP
Description In the text.js plugin, the user has an "Extract Text from the graph" function, so this function will extract all text and, as we can see, the user can preview the text above; since the server doesn't clean up the text before rendering, it results in XSS. Proof of Concept html ' Step to reproduce Drag a...
CVE-2023-2247
CVE-2023-2247 affects Octopus Deploy. The documented issue allows unmasking variable secrets via the variable preview feature in affected versions. The sources describe the behavior but do not specify exact affected versions or a confirmed patch. No exploitation details are provided in the docume...
CVE-2021-41809
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities...
Server side request forgery (ssrf)
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities...
PT-2022-11489
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 22.1.11017.1 Description The issue concerns a Server-Side Request Forgery SSRF vulnerability. It is related to a preview function in M-Files Server products that allows making queries from the server with certa...
CVE-2020-22224
Stivasoft Phpjabbers Fundraising Script v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the pjActionPreview function...
Wordpress WPForms 1.5.9 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisor...
Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2019-05670)
Bolt is a simple CMS written in PHP. A cross-site scripting vulnerability exists in Bolt CMS versions prior to 3.6.2, which can be exploited by remote attackers to inject arbitrary web script or HTML via the preview function in text input pages...
Ubiquiti Inc.: Reflected XSS
Due to the lack of sanitisation in the comment area, with an especially crafted message, it is possible to execute an XSS with the "preview" function. If a draft is saved, it is possible to exploit this bug as a stored XSS. The "New Discussion" page on the Spanish and Portuguese forums have a...
Nextcloud: Shared file link - password protection bypass under certain conditions
Summary An unauthenticated remote attacker can bypass password protection on certain shared file types through the file sharing app's publicpreview.php function. Vulnerable URL http://server/nextcloud/index.php/apps/filessharing/ajax/publicpreview.php?x=width&y=height&t=share ID Description...