140 matches found
Stored HTML Injection
Team, I hope you are all doing well. I wanted to bring to your attention a potential vulnerability on the website https://mainnet.demo.btcpayserver.org/account/apikeys. During my research, I discovered that the API key label field is vulnerable to a stored HTML injection attack. Proof of...
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...
WordPress WooCommerce Plugin < 6.6.0 Stored HTML Injection Vulnerability
The WordPress plugin ... Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
CVE-2022-2099 WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...
PT-2022-14857 · WordPress · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce WordPress plugin versions prior to 6.6.0 Description: The issue is related to stored HTML injection due to a lack of escaping and sanitizing in the payment gateway titles. This allows for potential malicious code injection...
WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
The plugin is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. PoC: Go to WooCommerce > Settings > Payments tab, enable BAC Bank Account Transfers and edit the title in the setup dialog. HTML can be injected there, and will be rendered both f...
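The entries above all describe the same root cause: a string an Admin+ user saves as a gateway title is later concatenated into page markup without escaping. The following is an added example, not WooCommerce's own code, showing the vulnerable output pattern beside the hardened one. The stored title is a constructed sample, the wrapper `<label>` markup is an assumption, and plain PHP `htmlspecialchars()` stands in for WordPress's `esc_html()` so the script runs without WordPress loaded.

```php
<?php
// Added example, not WooCommerce code: a stored gateway title is read back from
// settings and printed into the checkout page. The title below is a constructed
// sample of what an Admin+ user could save in the gateway setup dialog.
$stored_title = 'Bank transfer <a href="https://attacker.example/pay">Pay here instead</a>';

// Vulnerable pattern: the stored string is concatenated into markup verbatim,
// so the <a> element becomes live HTML for every visitor who sees the checkout
// (and for admins who view the same title in the settings screen).
function render_title_vulnerable(string $title): string
{
    return '<label class="gateway-title">' . $title . '</label>';
}

// Hardened pattern: escape at the point where the value meets HTML.
// Plain PHP htmlspecialchars() is used here so the script runs outside WordPress;
// inside a plugin the equivalent call is esc_html($title).
function render_title_escaped(string $title): string
{
    return '<label class="gateway-title">'
        . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</label>';
}

// Regression check for a unit test: strip the wrapper we added ourselves and
// confirm nothing that still parses as a tag survived in the user-controlled part.
function has_injected_markup(string $html): bool
{
    $inner = preg_replace('#^<label class="gateway-title">|</label>$#', '', $html);
    return $inner !== strip_tags($inner);
}

echo render_title_vulnerable($stored_title), PHP_EOL;
echo render_title_escaped($stored_title), PHP_EOL;
var_dump(has_injected_markup(render_title_vulnerable($stored_title)));
var_dump(has_injected_markup(render_title_escaped($stored_title)));
```

Run it with `php example.php`. The first echo emits a live link; the second emits `&lt;a href=...&gt;` text, and `has_injected_markup()` returns true only for the vulnerable rendering. Escaping belongs at every output site, the admin settings screen included, because the report notes the title is rendered for both admins and front-end users; restricting what the settings form accepts is a weaker, secondary control.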
Moodle Stored HTML in assignment submission comments allowed links to be opened directly
A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although the links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...
CVE-2021-30057
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
CVE-2020-26049
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...
CVE-2020-26049
CVE-2020-26049 affects Nifty-PM CPE 2.3 and is due to stored HTML injection in a component/feature, enabling remote arbitrary code execution as described in the CVE overview. The connected Red Hat advisory and NVD entries corroborate the impact as remote code execution via stored HTML injection. ...
Niftypm Injection Vulnerability
Niftypm is a project management application from Niftypm USA. The application centralizes modern work content and supports features such as chat, tasks, documents, calendars, meetings, and more. Niftypm CPE 2.3 suffers from an injection vulnerability that originates from remote arbitrary code...
U.S. Dept Of Defense: CSRF to Stored HTML injection at https://www.█████
Description: I have found out that on the https://www.███████ domain, you initiate a POST request in order to look up case studies; the keyword parameter on the request allows the usage of bad characters such as Click here to win 1000$!" 3. Save the POST request and craft a CSRF payload. HTML...
SolarWinds Orion Platform HTML Injection Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user views, and a mapped view of the entire network. An...
CVE-2019-12863
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen...