69 matches found
CVE-2023-32071 XWiki Platform vulnerable to RXSS via editor parameter - importinline template
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...
CVE-2023-31180
WJJ Software InnoKB Server/Console 2.2.1 is affected by reflected cross-site scripting (RXSS) via an unspecified request. The vulnerability is documented across multiple feeds, with CVSS v3.1 metrics indicating Networks access, Low attack complexity, and user interaction required. There is no exp...
CVE-2022-39187
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting RXSS vulnerability through unspecified vectors...
Cross site scripting
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting RXSS vulnerability through unspecified vectors...
CVE-2022-39187
CVE-2022-39187 concerns Rumpus - FTP server 9.0.7.1 with a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. Multiple connected sources corroborate RXSS in this version; details on vectors, exploitability, and affected components are not consistently provided across...
U.S. Department of State: RXSS on https://travel.state.gov/content/travel/en/search.html
Vulnerability description not provided...
[20221101] - Core - RXSS through reflection of user input in com_media
Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...
Cross site scripting
AlgoSec – FireFlow Reflected Cross-Site-Scripting RXSS A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user victim. JavaScript code is executed on...
CVE-2022-36783 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)
AlgoSec – FireFlow Reflected Cross-Site-Scripting RXSS A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user victim. JavaScript code is executed on...
CVE-2022-36783
CVE-2022-36783 affects AlgoSec FireFlow with a Reflected Cross-Site-Scripting (RXSS) vector. A malicious user can inject JavaScript into the IntersectudRule parameter on the search/result.html page by changing the request method from POST to GET and sharing the URL with a victim. This results in ...
CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...
CVE-2022-36801
CVE-2022-36801 affects Atlassian Jira Server and Data Center prior to 8.20.8. The issue is a Reflected XSS in the TeamManagement.jspa endpoint that allows anonymous remote attackers to inject arbitrary HTML or JavaScript. Several sources corroborate the affected version range and the vulnerabilit...
CVE-2022-36801
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...
PT-2022-4143 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.20.8 Description: The issue allows anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the "TeamManagement.jspa...
U.S. Dept Of Defense: RXSS on █████████
Description: the WhatSubmitted parameter not filtered, i can insert " character and execute code JS Impact Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate...
U.S. Dept Of Defense: [████████] RXSS via "CurrentFolder" parameter
A reflected cross-site scripting vulnerability was found on a website that allowed malicious scripts to be injected via the CurrentFolder parameter...
U.S. Dept Of Defense: RXSS on █████████
I found RXSS on https://███████/██████ Impact Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious...
Equifax-vdp: RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter
Hello, While testing your program i came across a website that is owned by informatica and is vulnerable to RXSS on Password Reset page in the username parameter POC:...
U.S. Dept Of Defense: Rxss on █████████ via logout?service=javascript:alert(1)
Description: I found open redirect and xss Rxss at the ██████████ logout page, https://████/██████████/logout?service=https://google.com It also allows javascript URIs, leading to Xss Impact Attacker can trick users to visit malicious websites or can lead to phishing and many other type of attack...
WordPress Photo Gallery 1.5.69 Cross Site Scripting
Researcher Name: ThuraMoeMyint Twitter: https://twitter.com/mgthuramoemyint Vendor Url: https://wordpress.org/plugins/photo-gallery/ "Photo Gallery by 10Web / Mobile-Friendly Image Gallery" photo-gallery Multiple RXSS The parameter bwgalbumbreadcrumb0 is able to inject malicious javascript code...