6722 matches found

Prion
added 2022/05/25 1:15 a.m., 11 views

Cross-site scripting

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin...

CVSS 4.3 | AI score 5.9 | EPSS 0.00734
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/05/24 11:44 p.m., 63 views

CVE-2022-29359

CVE-2022-29359 affects School Club Application System v0.1. It describes a stored XSS vulnerability in /scas/?page=clubs/application_form&id=7 (or id=7) where an attacker can inject a crafted payload via the firstname parameter to execute arbitrary web scripts/HTML. The issue is confirmed across ...

CVSS 6.1 | AI score 5.8 | EPSS 0.01104
Exploits: 1 | References: 2 | Affected Software: 1
Snyk
added 2022/05/24 7:10 p.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the keywords parameter in the management toolbar search. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input. Details: Cross-site scripting or XSS is a code vulnerability...

CVSS 6.1 | AI score 5.4 | EPSS 0.0075
Exploits: 0 | References: 2
OSV
added 2022/05/24 7:01 p.m., 13 views

GHSA-C8MX-43CQ-993W EC-CUBE Cross-site scripting vulnerability

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

CVSS 6.1 | AI score 6.1 | EPSS 0.02308
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/24 5:42 p.m., 277 views

Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom

Withdrawn Advisory: This advisory has been withdrawn because the user must configure jsdom to allow access to local files. Original Description: JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is...

CVSS 6.8 | AI score 5.8 | EPSS 0.0139
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2022/05/24 5:42 p.m., 29 views

GHSA-F4C9-CQV8-9V98 Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom

Withdrawn Advisory: This advisory has been withdrawn because the user must configure jsdom to allow access to local files. Original Description: JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is...

AI score 5.8 | EPSS 0.0139
Exploits: 1 | References: 6
OSV
added 2022/05/24 5:23 p.m., 12 views

GHSA-H77W-655F-6J3M Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions, for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS 8.8 | AI score 8.8 | EPSS 0.01837
Exploits: 0 | References: 3
Github Security Blog
added 2022/05/24 5:23 p.m., 20 views

Silverstripe CMS malicious file upload enables script execution

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions, for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS 8.8 | AI score 7.3 | EPSS 0.01837
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2022/05/24 5:23 p.m., 19 views

Stored XSS vulnerability in Jenkins Deployer Framework Plugin

Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users abl...

CVSS 5.4 | AI score 4.9 | EPSS 0.00688
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/05/24 5:21 p.m., 3 views

GHSA-RM24-25XM-9454 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...

CVSS 6.1 | AI score 6.3 | EPSS 0.00685
Exploits: 0 | References: 4
Snyk
added 2022/05/24 6:58 a.m., 1 view

Cross-site Scripting (XSS)

Overview: publifycore is the core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) by uploading a specially crafted HTML file. PoC: POST /admin/resources/upload HTTP/1.1 Host: demo-publify.herokuapp.com Cooki...

CVSS 9.1 | AI score 5.3 | EPSS 0.00715
Exploits: 1 | References: 2
CNNVD
added 2022/05/24 12:00 a.m., 4 views

WordPress plugin WP Statistics cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Statistics plugin is vulnerable to a cross-site scripting vulnerability, which stems fro...

CVSS 6.1 | AI score 5.6 | EPSS 0.00962
Exploits: 0 | References: 6
Tenable Nessus
added 2022/05/24 12:00 a.m., 32 views

Debian DLA-3020-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3020 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 9 stretch, these...

CVSS 9.8 | AI score 7.8 | EPSS 0.01005
Exploits: 3 | References: 19
RedhatCVE
added 2022/05/20 11:28 p.m., 41 views

CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

CVSS 6.8 | AI score 4.6 | EPSS 0.03625
Exploits: 0 | References: 1
Tenable Nessus
added 2022/05/20 12:00 a.m., 34 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1748-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1748-1 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the...

CVSS 9.8 | AI score 8.3 | EPSS 0.01005
Exploits: 3 | References: 14
Tenable Nessus
added 2022/05/20 12:00 a.m., 33 views

Debian DSA-5141-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5141 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...

CVSS 9.8 | AI score 7.9 | EPSS 0.01005
Exploits: 3 | References: 20
CNNVD
added 2022/05/19 12:00 a.m., 4 views

Cisco Common Services Platform Collector cross-site scripting vulnerability

Cisco Common Services Platform Collector (CSPC) is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collecto...

CVSS 6.1 | AI score 6.3 | EPSS 0.00685
Exploits: 0 | References: 3
CNNVD
added 2022/05/19 12:00 a.m., 2 views

Cisco Common Services Platform Collector cross-site scripting vulnerability

Cisco Common Services Platform Collector (CSPC) is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collecto...

CVSS 6.1 | AI score 6.4 | EPSS 0.00685
Exploits: 0 | References: 3
Tenable Nessus
added 2022/05/19 12:00 a.m., 63 views

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1731-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1731-1 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin,...

CVSS 9.8 | AI score 8.3 | EPSS 0.01005
Exploits: 3 | References: 14
ATTACKERKB
added 2022/05/18 5:00 p.m., 7 views

CVE-2022-22777

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the...

CVSS 6.1 | AI score 6.4 | EPSS 0.00565
Exploits: 0 | References: 3