21 matches found
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
EUVD-2019-16541
Malware in sbrugna...
EUVD-2019-16717
Malware in sbrugna...
EUVD-2019-16543
Malware in sbrugna...
EUVD-2022-5626
Malicious code in bioql PyPI...
EUVD-2022-2122
Malicious code in bioql PyPI...
EUVD-2022-3361
Malicious code in bioql PyPI...
EUVD-2022-4895
Malicious code in bioql PyPI...
EUVD-2022-5299
Malicious code in bioql PyPI...
CVE-2020-10114
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor SEC-535...
CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones=zoneImage∣=1 URI...
CVE-2019-6992
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI...
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies...
CVE-2024-47536 starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0...
Croogo vulnerable to XSS in Blog field
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
CVE-2019-7172
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...
CVE-2019-7173
Croogo is affected by a stored-self XSS vulnerability in the title field of the Attachment page (/admin/file-manager/attachments/edit/4). Affected versions include Croogo prior to 3.0.7 (v3.0.5 referenced; OSV notes vulnerability before 3.0.7). The root cause is reflected in multiple sources desc...
CVE-2019-7170
Affected software: Croogo CMS (versions up to 3.0.5). Vulnerability: Stored-self XSS in the article/title handling, exploitable via the vulnerable Title field submitted to /admin/taxonomy/vocabularies. Impact (as stated): Attacker can execute HTML/JavaScript in a victim’s browser. Root cause (as ...
CVE-2019-6990
CVE-2019-6990 is a stored-self XSS in ZoneMinder up to version 1.32.3, triggered via a crafted Zone NAME in the URL index.php?view=zones&action=zoneImage&mid=1. The vulnerability affects web/skins/classic/views/zones.php. Exploitation could allow HTML/JavaScript execution in the vulnerable field....
CVE-2019-6992
CVE-2019-6992 is a stored-self XSS in ZoneMinder up to version 1.32.3, via web/skins/classic/views/controlcaps.php. An attacker can inject HTML/JavaScript by exploiting a long NAME or PROTOCOL in index.php?view=controlcaps, resulting in code execution in the vulnerable field. Exploitation details...