CVE-2024-22494
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22493
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22492
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML...
CVE-2024-22493
CVE-2024-22493 is a stored XSS vulnerability in JFinalcms 5.0.0 exploitable via the /gusetbook/save endpoint, specifically through the content parameter. Multiple connected sources confirm the same flaw and context, indicating that remote attackers can inject arbitrary script or HTML. The impact ...
CVE-2024-22492
CVE-2024-22492 describes a stored XSS vulnerability in JFinalCMS 5.0.0. The issue is exploitable via the /gusetbook/save contact parameter, allowing remote attackers to inject arbitrary web script or HTML. The CVE entry notes a network-based vector with low attack complexity and requires user int...
CVE-2024-22494
CVE-2024-22494 is a stored XSS in JFinalcms 5.0.0 exploited via the /gusetbook/save mobile parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML into victims’ browsers due to improper input handling of the mobile field. Public details in the provided document...
Cross site scripting
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Online Job Portal Cross-Site Scripting Vulnerability
Online Job Portal is an online job search portal. A cross-site scripting vulnerability exists in Online Job Portal version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter News in /Admin/News.php, which can be exploited by an attacker to...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is a content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited ...
WireMock Cross-Site Scripting Vulnerability
WireMock is a popular open source API simulation testing tool. A cross-site scripting vulnerability exists in WireMock, which stems from the logging function's lack of effective filtering and escaping of user-supplied data; an attacker can exploit the vulnerability by...
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal...
IBM Aspera Console Cross-Site Scripting Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Aspera Console that stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2023-45957
A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e->getMessage() error mishandling...