5210 matches found
CVE-2024-44716
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-44919
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter...
CVE-2024-7606
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Kashipara Hotel Management System Cross-Site Scripting Vulnerability (CNVD-2024-37411)
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the roomname parameter of...
CVE-2024-44717
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-44919
CVE-2024-44919 affects SeaCMS v12.9, specifically the admin_ads.php component. The documents describe a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. The vulnerability is co...
Cross Site Scripting (XSS)
fastapi-admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of the Product Name parameter in the Config-Create function, allowing attackers to inject and execute arbitrary web scripts or HTML...
Cross Site Scripting
fastapi-admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of the Product Name parameter in the Create Product function, which allows attackers to inject and execute arbitrary web scripts or HTML...
CVE-2024-44796
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
CVE-2024-44797
A cross-site scripting (XSS) vulnerability in the component /managers/enablerequests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...
CVE-2024-44794
A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-42816
A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-44793
Gazelle CVE-2024-44793 is an XSS in the component /managers/multiple_freeleech.php (commit 63b3370) where a crafted payload in the torrents parameter allows execution of arbitrary web scripts/HTML. Affected software is the Gazelle web framework used by private BitTorrent trackers; the vulnerabili...