Cross-site Scripting (XSS)

privatebin is vulnerable to cross-site scripting. No sanitization in handling Attachment before sending for preview in SVG in AttachmentViewer allows malicious script execution in instance context...

Webmin 跨站脚本漏洞

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community.A cross-site scripting vulnerability exists in Webmin version 1.973, which stems from the lack of filtering and escaping of user-submitted parameters for the upload and download...

UBUNTU-CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

Cisco Web Security Appliance和Cisco AsyncOS 跨站脚本漏洞

The Cisco Web Security Appliance WSA and Cisco AsyncOS are both products of Cisco, U.S.A. The Cisco Web Security Appliance is a Web security appliance. The appliance provides SaaS-based access control, real-time web reporting and tracking, and development of security policies.Cisco AsyncOS is an...

CVE-2022-26615

A cross-site scripting XSS vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields...

Cross site scripting

A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...

Cross site scripting

A cross-site scripting XSS vulnerability in /public/admin/index.php?adduser at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field...

Total.js 跨站脚本漏洞

Total Avengers Totaljs Framework is a Javascript-based code base for building web, desktop, service or IoT applications from Total Avengers, Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications.A cross-site scripting vulnerability exists...

CVE-2022-24136

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it...

Parsedown Class-Name Injection

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

showdoc .m3u8a file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .m3u8a file extensions in the application's file upload feature. An attacker could exploit this...

JVN#87751554: Multiple vulnerabilities in pfSense

pfSense software provided by Netgate contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2021-20729 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Improper...

showdoc 跨站脚本漏洞

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .md file extensions in the application's file upload feature. An attacker could use this vulnerability to...

showdoc 跨站脚本漏洞

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .aspx file extensions in the application's file upload functionality. An attacker could use this...

showdoc 跨站脚本漏洞

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .properties file extensions in the application's file upload feature. An attacker could exploit this...

showdoc 跨站脚本漏洞

showdoc is an open source tool ideal for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability, which stems from the lack of valid detection of .aspx file extensions in the application's file upload feature. An attacker could exploit this...

SUSE-SU-2022:0696-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 bsc1195682 - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during upda...

MarkText vulnerable to cross-site scripting

Overview MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability CWE-79. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

MarkText 跨站脚本漏洞

MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...