7 matches found
CVE-2026-3673 Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer
An authenticated attacker can store a crafted tag value in usertags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects...
GHSA-747V-52C4-8VJ8 Contao: Unencoded insert tags in the frontend
Impact It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Do not output the submitted form data on the website. References...
Paessler PRTG Network Monitor 跨站脚本漏洞
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A cross-site scripting vulnerability exists in PRTG Network Monitor version 22.2.77.2204, which originates from the fact that it does not block custom input for device icons and can...
CVE-2019-1010310
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools Reminder Description .. Set the...
VideoScript 3.0 4.1.5.55 - Unofficial Shell Injection
VideoScript 3.0 4.1.5.55 - Unofficial Shell Injection ?php ============================================= = x VideoScript 3.0 = 4.1.5.55 Unofficial Shell Injection Exploit = = x by G4N0K = ============================================= errorreportingEALL; $G4N0K...
[Full-Disclosure] RS-2004-2: "Content-Type" XSS vulnerability affecting other webmail systems
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================== - RS-Labs Security Advisory - =============================== Tittle: "Content-Type" XSS vulnerability affecting other webmail systems ID: RS-2004-2 Severity: Medium / High - Arbitrary tags injection in victim's browser...
/search/index.cfm crossite scripting
/search/index.cfm allows insert HTML tags via search paramter...