5 matches found
LibreNMS allows stored XSS in Alert Template name field
Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS alertdocument.cookie/script and filling the other fields with arbitrary content e.g., test, once the template is saved, the script is executed. This confirms that user input is stored and later rendered without proper outp...
CVE-2023-47097
A Stored Cross-Site Scripting XSS vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates...
PT-2023-30305 · Unknown · Virtualmin
Name of the Vulnerable Software and Affected Versions: Virtualmin version 7.7 Description: A Stored Cross-Site Scripting XSS issue in the Server Template under System Setting in Virtualmin allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating...
CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...
CVE-2020-15020
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...