The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. The vulnerabilities allow an authenticated malicious person to execute scripts without having the necessary permissions to do so. In addition, a malicious person with inactive account could bypass a security measure that allows access to the account to be...

CVE-2021-20727

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...

PHP Factory MailForm01 跨站脚本漏洞

php factory MailForm01 is a free PHP mail form program from PHP Factory Japan that can be easily installed with just one file. A security vulnerability exists in MailForm01 versions prior to 2021-05-20, which stems from insufficient harmless handling of user-supplied data. An attacker can exploit...

PHP Factory Telop01 跨站脚本漏洞

php factory Telop01 is a simple PHP program from Japan's PHP Factory that displays subtitles, news tickers and headlines in flowing characters on the home page and any page. A security vulnerability exists in Telop01 1.0.1, which stems from insufficient sanitization of user-supplied data in the...

CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

Design/Logic Flaw

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVE-2021-32622

CVE-2021-32622 affects the Matrix-React-SDK (Matrix-React-SDK) prior to version 3.21.0. The vulnerability arises during file uploads: when a user previews an uploaded file, scripts embedded in the file can execute, but only for the local user and only after several user interactions to open the p...

Moodle 跨站脚本漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle, which can be exploited to inject and execute arbitrary HTML and script code in ...

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

Cross site scripting

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild...

PT-2021-19681 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle version 3.10.3 Description: The issue allows remote attackers to execute arbitrary web script or HTML via the Description field, which is a Cross Site Scripting XSS issue. Recommendations: For Moodle version 3.10.3, update to a newer...

MTN Group: Cross-Site Request Forgery (CSRF) to xss

hello dear support i have found csrf to xss on https://dailydeals.mtn.co.za/index.cfm?GO=DEALS URL:https://dailydeals.mtn.co.za/index.cfm?GO=DEALS URL encoded POST input CFID was set to fbe8c86c-c0b2-4421-8ca2-dcfc14763d6e" HTTP request ============ POST /index.cfm?GO=DEALS HTTP/1.1 Host:...

CVE-2021-1455

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

Content-Security Policy (CSP) Bypas

firefox is vulnerable to content-security policy bypass. Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allows the execution of scripts that should have been blocked...

Cisco Firepower Management Center 跨站脚本漏洞

Cisco Firepower Management Center FMC is the next-generation firewall management center software from Cisco. Cisco Firepower Management Center: 6.4.0.11 A cross-site scripting vulnerability exists, which originates from an authenticated, remote attacker who can trick a victim into following a...

safe FME Server 跨站脚本漏洞

safe FME Server is an application from safe Canada. A web data conversion application. A cross-site scripting vulnerability exists in safe FME Server that could allow a remote attacker to inject arbitrary web script or HTML code execution by modifying the username...

CVE-2020-21987

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting XSS. XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's...