27433 matches found
Cross-site Scripting in Backdrop CMS
A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...
CVE-2023-31045
A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...
Cross site scripting
DISPUTED A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload i...
AeroCMS Cross-Site Scripting Vulnerability (CNVD-2023-32025)
AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a cross-site scripting vulnerability that stems from the commentauthor and commentcontent parameters of /post.php failing to properly validate user input. An attacker can exploit this...
CVE-2023-31045
A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...
CVE-2023-31045
A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...
Checkmk Cross-Site Scripting Vulnerability (CNVD-2023-32769)
Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...
chatwoot Cross-Site Scripting Vulnerability (CNVD-2023-29696)
chatwoot is an application. Customer Engagement Suite, an open source alternative to intercom, Zendesk, Salesforce Service Cloud, etc. A cross-site scripting vulnerability exists in chatwoot versions prior to 2.14.0. The vulnerability stems from the application's lack of effective filtering and...
Campcodes Advanced Online Voting System Cross-Site Scripting Vulnerability
Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...
Campcodes Online Traffic Offense Management System Cross-Site Scripting Vulnerability (CNVD-2023-29408)
Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A cross-site scripting vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied...
chatwoot 跨站脚本漏洞
chatwoot is an application. Customer Engagement Suite, an open source alternative to intercom, Zendesk, Salesforce Service Cloud, etc. A cross-site scripting vulnerability exists in chatwoot versions prior to 2.14.0. The vulnerability stems from the application's lack of effective filtering and...
Online Computer and Laptop Store Cross-Site Scripting Vulnerability (CNVD-2023-29382)
Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Brand...
Campcodes Advanced Online Voting System 跨站脚本漏洞
Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...
Cross site scripting
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting XSS. Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...
IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability (CNVD-2024-01175)
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from International Business Machines IBM. The platform provides a set of design-time and run-time components for building and running its enterprise-class applications, respectively, and...
CVE-2023-23277
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting XSS. Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...
Cross site scripting
A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...
SQL Monitor 12.1.31.893 Cross Site Scripting
Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting XSS Date: 12/21/2022 02:07:23 AM UTC Exploit Author: [email protected] Vendor Homepage: https://www.red-gate.com/ Software Link: https://www.red-gate.com/products/dba/sql-monitor/ Version: SQL Monitor 12.1.31.893 Tested on: Window...
Apache Archiva Cross-Site Scripting Vulnerability (CNVD-2023-23556)
Apache Archiva is a suite of software from the Apache Foundation for managing one or more remote stores. A cross-site scripting vulnerability exists in versions of Apache Archiva prior to 2.0 to 2.2.10. The vulnerability creates directory names that lack effective filtering and escaping of...
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...