Cross site scripting

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2023-31544

CVE-2023-31544 describes a stored Cross-site Scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 . The issue arises when a crafted payload is injected into the Title field in the Upload Image module , allowing an attacker to execute arbitrary web scripts or HTML in affected contexts. The C...

Stored Cross-Site Scripting (XSS)

backdrop/backdrop is vulnerable to Stored Cross-Site Scripting XSS attacks. A remote admin authenticated attacker is able to inject arbitrary web scripts or HTML through the name argument in Text Editors and Formats, modifying any sort of material, which allows the stored XSS payload to be execut...

Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-95hx-62rh-gg96. This link is maintained to preserve external references. Original Description A cross-site scripting XSS vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or...

CVE-2023-30057

Multiple stored cross-site scripting XSS vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

Ruby: Stored XSS in RDoc hyperlinks through javascript scheme

Vulnerability description not provided...

Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Vulnerability

Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction ================= A...

Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module

Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction...

CVE-2023-30093

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

Cross-site scripting in TotalJS

A stored cross-site scripting XSS vulnerability in TotalJS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...

CVE-2023-30096

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field...

CVE-2023-30097

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...

CVE-2023-30095

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field...

Cross site scripting

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field...

CVE-2023-30184

A stored cross-site scripting XSS vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment...

CVE-2023-30184

A stored cross-site scripting XSS vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment...

Stored cross site scripting in Microbin

A cross-site scripting vulnerability XSS in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-27075

A cross-site scripting vulnerability XSS in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-27075

A cross-site scripting vulnerability XSS in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...