CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

CVE-2022-46686

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set or change these...

CVE-2021-24237

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

CVE-2021-22993

CVE-2021-22993 affects BIG-IP Advanced WAF and BIG-IP ASM. The vulnerability is a DOM-based XSS on the DoS Profile properties page in affected versions: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3. The root cause is DOM-...

Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue. PoC...

CVE-2020-24604

A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...

PT-2020-15763 · Ignite Realtime · Openfire

Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.5.1 Description: A Reflected XSS issue was discovered, allowing remote attackers to inject arbitrary web script or HTML via the GET request parameters searchName, searchValue, searchDescription,...

moveindubai.com XSS vulnerability

Open Bug Bounty ID: OBB-606304 Description| Value ---|--- Affected Website:| moveindubai.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

sharqrealestate.com XSS vulnerability

Open Bug Bounty ID: OBB-429656 Description| Value ---|--- Affected Website:| sharqrealestate.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Che...

woodworkerssource.com XSS vulnerability

Vulnerable URL: http://www.woodworkerssource.com/showproperties.php?wood=1/-///'/"//--...