6 matches found
HTML Injection
docassemblewebapp is vulnerable to HTML injection. The vulnerability is due to improper handling of user-added HTML including user's name field, allowing the input to be displayed on the screen as HTML which can also include...
Stored XSS on user's name
Description: Paste the XSS payload into the Name or Last name field. The XSS vulnerability will trigger. Proof of Concept: https://drive.google.com/file/d/1hoZkCxzTQbcIDy28hKJyjyrOD1Pcaaz0/view?usp=sharing...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...
Stored XSS in "users name", "functions name", "storage buckets name" and in "database collections name"
Description: The Appwrite application allows a malicious JavaScript payload to be injected into the users name, functions name, storage buckets name and database collections name, which leads to stored XSS. Proof of Concept: 1. Log in to the application 2. Go to the "users name", "functions name", "storage buckets name"...
Improper handling of Length parameter
Description: There was no restriction on the amount of text that can be inserted into a user's name field. When the text size was large enough the service resulted in a momentary outage in our non-production environment (not high availability). An internal reproduction showed isolated disruption but...
Open-xchange OX App Suite Information Disclosure Vulnerability (CNVD-2021-90765)
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange, a US-based company, that allows users to manage email, tasks, files, etc. more intuitively. An information disclosure vulnerability exists in Open-xchange OX App Suite. An information disclosure...