4 matches found
PT-2024-19560 · Wallos · Wallos
Name of the Vulnerable Software and Affected Versions: Wallos version 0.9. Description: The issue concerns Cross-Site Scripting (XSS) in text-based input fields due to a lack of proper validation, excluding fields that require specific formats like date fields. Recommendations: For Wallos version 0....
Cross-site Scripting (XSS) - Generic in forkcms/library
✍️ Description: XSS is possible when the option allowHTML was set to true for text inputs and textfields. 🕵️‍♂️ Proof of Concept: http://demo.fork-cms.com/en/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 💥 Impact: XSS attacks can...
DRUPAL-CONTRIB-2019-062
This module improves the Drupal login page with new features and layout. The module doesn't sufficiently filter input text in the administration pages' text configuration inputs, for example the login text field. The vulnerability is mitigated by the fact that it can only be exploited by a user wi...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...