6 matches found
CVE-2022-41679 Cross-site scripting in Forma LMS version
Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...
Cross-site Scripting (XSS)
francoisjacquet/rosariosis is vulnerable to cross-site scriptingXSS attacks. The vulnerability exists because the FileExtensionWhiteList function in FileUpload.fnc.php does not restrict unsanitized SVG files from being injected, which allows an attacker to execute malicious javascript and steal...
Cross-site Scripting in facturascripts
Reflected cross-site scripting using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.08. This can lead to theft of a user's cookies, which in turn could lead to account takeover or do other malicious activities in a victim's browser...
Insertion of Sensitive Information Into Debugging Code
Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...
Stored XSS Vulnerability in the Open Source Version of Mad God's Little Community
Mad God's small community open source version is a Springboot-based open source community management system . Mad God's small community open source version of the existence of stored XSS vulnerability , an attacker can use the vulnerability to obtain the user's cookie information...
CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...