154 matches found
GHSA-R7MM-JX6H-HV7M Cross-site Scripting (XSS) in Conditions tab of Pricing Rules
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
Flying Spin eBook Reader Windows Client has xss Vulnerability
Fly Turn eBook Reader is a powerful tool for reading and managing eBooks. An xss vulnerability exists in the Windows client of FlyTurn eBook Reader, which can be exploited by an attacker to obtain user cookie information...
Reddit: Reflected XSS via File Upload
Vulnerability description not provided...
Unspecified Vulnerability in Intelbras SG 2404 MR
The Intelbras SG 2404 MR is a switch with network management features from Intelbras, Brazil. A security vulnerability exists in Intelbras SG 2404 MR version 20180928-rel64938. An authenticated attacker can exploit the vulnerability to create an administrator account via a specially crafted user...
UBUNTU-CVE-2022-30769
Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...
PT-2022-26020 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows a remote attacker to inject javascript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...
Unauthorized Password Change
Octoprint does not prevent unauthenticated password changes. The vulnerability is due to the API not requiring the previous user password during the reset. An attacker with access to the user cookie can reset the password without knowledge of the current password...
XSS on URL recorder
Description Hi Team , I found XSS vulnerability in url recorder https://conifer.rhizome.org/"USERNAME"/default-collection/ Proof of Concept Image : https://ibb.co/dBr0QQr...
XSS Vulnerability in Wanfang Database App and Wanfang Database PC
Wanfang Database is a large-scale network database developed by Wanfang Data Corporation, covering journals, conference proceedings, theses, academic achievements, academic conference papers, and is also a professional academic database in China, which is on a par with China Knowledge Network...
CVE-2022-1445
Stored Cross Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie...
Cross site scripting
Stored Cross Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie...
CVE-2022-1445 Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it
Stored Cross Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie...
GHSA-P885-PRV3-M4XV Cross-site Scripting in snipe-it
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...
Cross-site Scripting in snipe-it
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...
Cross site scripting
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...
CVE-2022-1380 Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...
Cross-site Scripting (XSS)
pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of content security policy allowing an attacker to exposing the user cookie...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description Cross site scripting vulnerability in pimcore,pimcore field, it is fixed in this commit 832c34 , but still it is executing xss .Icon field in events and news Proof of Concept 1 . Login to the demo account https://10.x-dev.pimcore.fun/admin/ 2. Go to settings --data objects -- classes ...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description Livehelperchat is vulnerable to stored cross site scripting. Proof of Concept 1 . Login to the demo account 2 . Go to settings -- Live help configuration --Visual settings for the visitor -- widget theme --new -- name field 3 . Add payload in name field and click save 4 . Go to settin...
Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
Description Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module. Proof of Concept 1 .Login to demo account 2 . Go to settings module --data objects --object bricks or Field collection -- edit any one and a...