Faction 安全漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for attachment file names during the evaluation file preview...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the improper cleaning of user input when adding pages through the menu management feature, which could lead to...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input handling in the group and role management functions, which could lead to storage-based cross-sit...

Statamic 跨站脚本漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic prior to 6.6.2 had a cross-site scripting vulnerability. This vulnerability stemmed from a...

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce prior to 5.5.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper HTML escaping during the rendering of the Name field on the Commerce...

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability stems from the address line 1 field in the inventory location not bei...

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability arises due to the transport category names and descriptions being...

WordPress plugin Stripe Green Downloads 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

74cms 存储型xss

No description provided by source...

shopnc最新版存储型xss漏洞

简要描述： shopnc存储型xss漏洞 详细说明： shopnc版本测试http://www.shopnctest.com/c2c/2013/demo/ shopnc用户个人主页处存在存储型XSS，可以获取用户敏感cookie信息。 在买家首页，分享心情处 测试代码为:"alertdocument.cookie// cookie收信平台 "alertdocument.cookie/ 如图 漏洞证明： 如上描述...