26 matches found
CVE-2021-47931
Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...
CVE-2025-11859
CVE-2025-11859 affects the WordPress plugin Paypal Donation Shortcode (versions
EUVD-2022-30762
Malicious code in bioql PyPI...
EUVD-2022-46381
Malicious code in bioql PyPI...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2022-41431
xzs v3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
Enhavo Cross-site Scripting vulnerability
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2024-25876
A cross-site scripting XSS vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
CVE-2023-43824
A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code...
CVE-2022-41431
xzs v3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...
NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a gallery with at least one image, pu...
Code injection
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...
CVE-2020-19202
An authenticated Stored XSS Cross-site Scripting exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 x8664 - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...
Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Issue: Serv-U FTP Server 15.1.7 Persistent Cross Site Scripting Vulnerability CVE: CVE-2019-13182 Security researcher: Richard Tan @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.7 Fixed in: Serv...
CVE-2019-7413
In the Parallax Scroll aka adamrob-parallax-scroll plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. "parallax" has a spelling change within the PHP filename...
CVE-2019-7413
In the Parallax Scroll aka adamrob-parallax-scroll plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. "parallax" has a spelling change within the PHP filename...