16 matches found
CVE-2025-49557
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...
CVE-2024-34128
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-36177 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2023-51464 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
GHSA-QMP9-2XWJ-M6M9 Blind SQL injection in shopware
Impact The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...
CVE-2023-48577
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-48505 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
HTTP Commander 3.1.9 Cross Site Scripting
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS) Date: 07/01/2022 Exploit Author: Oscar Sandén Vendor Homepage: https://www.element-it.com Software Link: https://www.element-it.com/downloads.aspx Version: 3.1.9 Tested on: Windows Server 2016 Description There is a stored XSS ...
Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the System Miscellaneous Custom Timezone setting of the plugin: " The XSS...
Company's Recruitment Management System 1.0 - (description) Stored XSS Vulnerability
Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS) Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Link:...
Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed. As admin, put the below payloads in the related vulnerable field/s and save them there i...
Prototype Pollution
field is vulnerable to Prototype Pollution. Failure to sanitize the field in the levelUp function and moveUp function allows for injection of arbitrary properties into existing construct prototypes and modification of attributes such as __proto__, constructor and prototype...
New Relic: Reflected XSS on Signup Page
Hello Team, I have found a reflected XSS on Signup Page i.e. on https://newrelic.com/signup. Please find the below details. Vulnerable URL: https://newrelic.com/signup Vulnerable Field: Your Email Address Vulnerable Parameter: email Parameter Type: POST Payload used: Browser used: Mozilla Firefox...
Simple Posting System 1.0 Final Local File Inclusion
Exploit Title: Simple Posting System Multiple Google Dork: inurl:sps.php?old= or inurl:sps.php " Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://realize.be/files/sps.tar.gz Version: 1.0 Final Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...
Max's Guestbook 1.0 Local File Inclusion / Path Disclosure
Exploit Title: Maxs Guestbook Google Dork: "Powered by PHP F1" Date: 14/03/2012 Author: n0tch aka andmuchmore Software Link: http://www.phpf1.com/download.html?dl=18 Version: 1.0 Tested on: Windows 7 / LinuxUbuntu +-- LFI --+...
prestashop vuln: sql injection
Vulnerable software and vendor Prestashop version: 1.3.3 - 0.246s Vulnerable File Vulnerable Field category.php idcategory cart.php idproduct product.php idproduct 2. Vulnerability classification Sql Injection 3. Vulnerability details and reproduction steps, if you want to disclosure it. just...