Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...

GHSA-6QJM-39VH-729W Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.20 or apply this patch manually...

Cross site scripting

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc...

Cross site scripting

OS4ED openSIS 8.0 is affected by cross-site scripting XSS in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user...

CVE-2021-40637

OS4ED openSIS 8.0 is affected by cross-site scripting XSS in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user...

Meredith: Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain

Hii Security Team , I am S Rahul MCEHMetaxone Certified Ethical Hacker and a Security Researcher I just checked your website and found Reflected XSS to Good XSS Clickjacking In Two Domain Description:- As the search parameter is vulnerable to XSS and but the plus point is there is no...

Directory traversal

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...

CVE-2020-29666

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...

Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting

Exploit Title: Savsoft Quiz 5 - 'fieldtitle' Stored Cross-Site Scripting Date: 2020-09-02 Exploit Author: Dhruv Pateldhruvp111296 Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10 Attack vector: This...

Savsoft Quiz 5 Cross Site Scripting

Exploit Title: Savsoft Quiz 5 - 'fieldtitle' Stored Cross-Site Scripting Date: 2020-09-02 Exploit Author: Dhruv Pateldhruvp111296 Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10 Attack vector: This...

CVE-2019-13341

In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php comment box, which can be used to get a user's cookie...

CVE-2019-13341

In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php comment box, which can be used to get a user's cookie...

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

Cross site scripting

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

Cross site scripting

In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php comment box, which can be used to get a user's cookie...

CVE-2019-13341

In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php comment box, which can be used to get a user's cookie...

CVE-2019-13340

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186...

CVE-2019-13339

In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php content box, which can be used to get a user's cookie...

Cross site scripting

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520...

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0105)

Summary IBM Business Process Manager is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the security context o...