5210 matches found
Code injection
sz.chat version 4 allows injection of web scripts and HTML in the message box...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...
CVE-2021-3279
The CVE-2021-3279 entry concerns sz.chat v4, where the message box allows injection of web scripts and HTML. Connected sources (Red Hat, CNVD, CVE listings, CNNVD, PRION) confirm the affected product and issue but do not provide a detailed root cause, exploited vectors, or a remediation. The vuln...
CVE-2020-29146
A cross site scripting XSS vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header...
Cross site scripting
A cross site scripting XSS vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header...
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
CVE-2020-25877
A stored cross site scripting XSS vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
CVE-2020-35984
A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
CVE-2021-35358
A stored cross site scripting XSS vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...
CVE-2021-35358
A stored cross site scripting XSS vulnerability in dotAdmin//c/cImages of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters...
CVE-2020-25876
A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...
CVE-2020-25392
A cross site scripting XSS vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin...
Cross site scripting
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module...
Cross site scripting
A stored cross site scripting XSS vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...