30 matches found
EUVD-2026-36041
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline (app/modules/common/common.py:181-186) and highlightword (app/modules/common/common.py:188-192) build raw HTML by string concatenation with no escaping. The frontend...
CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
PT-2026-39507
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
Payload-XSS
Payload-XSS Table of Contents 1. Basic Payloads 1-20payload-...
Mozilla Thunderbird < 78.3
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...
Mozilla Thunderbird < 78.3
The version of Thunderbird installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...
EUVD-2022-4734
Malicious code in bioql PyPI...
CVE-2024-55492
Winmail Server 4.4 is vulnerable to fuser=%22%3E%3Csvg%20onload Cross Site Scripting XSS...
CVE-2023-2521
A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input leads to cross site scripting. It is possible to...
SUSE CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...
GHSA-WP32-WQ34-2RQH dijit editor cross-site scripting vulnerability
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...
Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS
Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...
Vulnerability in the dijit.Editor text editor module of the Dojo Toolkit, a library that simplifies the development of JavaScript- or AJAX-based applications and websites. This vulnerability allows attackers to perform cross-site scripting attacks.
The vulnerability in dijit.Editor, a text editor that is part of the Dojo Toolkit modular library for simplifying the development of JavaScript- or AJAX-based applications and websites, is related to the unsafe use of the onload attribute for SVG elements. Exploiting this vulnerability could allo...
blackberryhill.farmvisit.com XSS vulnerability
Open Bug Bounty ID: OBB-653565

Description| Value
---|---
Affected Website:| blackberryhill.farmvisit.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
aracmuaye.gamerch.com XSS vulnerability
Open Bug Bounty ID: OBB-651139

Description| Value
---|---
Affected Website:| aracmuaye.gamerch.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
poketoru.gamerch.com XSS vulnerability
Open Bug Bounty ID: OBB-644202

Description| Value
---|---
Affected Website:| poketoru.gamerch.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...