159 matches found
CVE-2023-23024
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter...
CVE-2022-43120
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field...
CVE-2022-41472
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field...
CVE-2022-40044
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
Liferay Portal and Liferay DXP Vulnerable to XSS via Tag Name
A cross-site scripting (XSS) vulnerability in Liferay Asset Taglib before v6.1.9 from Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
PT-2022-22984 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition version 8.1.15 b2022030114 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
CVE-2022-21650 Stored XSS via html file upload in convos
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
CVE-2020-19950
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19704
A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inje...
Malicious Package
Overview ardmvalidations is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
PT-2020-7588 · Docker · Docker
Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.6.0 Description: An issue was found where some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. This poses a risk due to the lack of encryption and authentication in...
Zabbix 2.0.1 and Earlier Session Extractor 0day
Exploit for php platform in category web applications !/usr/bin/python import re import sys,urllib2,urllib print "\n Zabbix 2.0.1 Session Extractor 0day" print " http://www.offensive-security.com" print "\n" ''' The sessions found by this tool may allow you to access the scripts.php file. Through...
CVE-2008-3836
CVE-2008-3836 affects Mozilla Firefox prior to 2.0.0.17. The vulnerability exists in feedWriter and allows remote attackers to run scripts with chrome privileges through feed preview-related vectors, specifically via functions elem.doCommand, elem.dispatchEvent, _setTitleText, _setTitleImage, and...
MacOS X browsers files overwriting and scripts execution (multiple bugs)
By using a vulnerability in telnet: protocol handling, it's possible to add the -f option to the telnet command line. The help: protocol handler allows script execution via the help: command...
Mozilla FTP View Cross-Site Scripting Vulnerability
Title: Mozilla FTP View Cross-Site Scripting Vulnerability; Date: 4 August 2002; Author: Eiji James Yoshida; Risk: Medium; Vulnerable: Windows2000 SP2 Mozilla 1.0; Not vulnerable: Windows2000 SP2 Mozilla 1.1 Beta...
CGIWrap 2.x/3.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/3081/info CGIWrap is a free, open-source program for running CGI securely. CGIWrap does not filter embedded scripting commands from user-supplied input. A web user may submit a malicious link into any form which displays user-supplied input, such as...
CVE-2000-1104
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those...