CVE-2023-47549

Unauth. Reflected Cross-Site Scripting XSS vulnerability on 302 response page in spider-themes EazyDocs plugin = 2.3.3 versions...

CVE-2023-47549

Unauth. Reflected Cross-Site Scripting XSS vulnerability on 302 response page in spider-themes EazyDocs plugin = 2.3.3 versions...

CVE-2023-47549 WordPress EazyDocs Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability on 302 response page in spider-themes EazyDocs plugin = 2.3.3 versions...

CVE-2022-30518

ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simplechatbot/admin/responses/viewresponse.php...

CVE-2021-41918

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the...

CVE-2020-5932

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting XSS vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed wh...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

CVE-2018-8899

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations...

IdentityServer3 authorize response page cross-site scripting vulnerability

IdentityServer3 is a .NET-based access control plug-in for Web applications. A cross-site scripting vulnerability in the Angular expression of the IdentityServer3 authorize response page allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be use...

CVE-2014-6196

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Web Experience Factory WEF 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework WDF and Lotus Widget Factory LWF, allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a 1 4xx or 2 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, an...

SQL injection

Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...