CVE-2020-25368
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login...
D-Link DIR-823G Command Injection Vulnerability
D-Link DIR-823G is an AC1200M dual-band gigabit wireless router. A command injection vulnerability exists in the HNAP1 protocol in D-Link DIR-823G version 1.0.2B05. An attacker can execute arbitrary web scripts using shell metacharacters in the Captcha field of the login section...
ED01-CMS cross-site scripting vulnerability
ED01-CMS is a content management system. A cross-site scripting vulnerability exists in the sposts.php component of ED01-CMS 1.0, which can be exploited by attackers to execute arbitrary web scripts or HTML by inserting specially crafted payloads into the Post title or Post content fields...
CVE-2020-18259
ED01-CMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...
CVE-2020-18259
ED01-CMS v1.0 contains a reflected XSS in the sposts.php component. Adversaries can inject arbitrary scripts/HTML via crafted payloads in the Post title or Post content, which are reflected and may affect page/script contexts. The CVE-2020-18259 entry cites this vulnerability with both NVD and ot...
CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file, which could be used to inject malicious web scripts on sites with...
CVE-2021-39340
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary we...
Authorization
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file, which could be used to inject malicious web scripts on sites with...
CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file, which could be used to inject malicious web scripts on sites with...
Google Maps Easy < 1.10.1 - Admin+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /modules/markergroups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts. Th...
Cross-site scripting in froala-editor
A cross-site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-36550
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browsecategories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module...
CVE-2020-25422
A cross-site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross-site scripting
A cross-site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2021-36550
CVE-2021-36550 affects TikiWiki v21.4 and stems from a cross-site scripting (XSS) flaw in the tiki-browse_categories.php component. The issue enables an attacker to run arbitrary web scripts or HTML via a crafted payload in the Create category module. The reports cite an XSS susceptibility but do...
CVE-2020-22864
A cross-site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-22864
CVE-2020-22864 concerns Froala WYSIWYG Editor, specifically the Insert Video function in version 3.1.0, where a cross-site scripting (XSS) vulnerability exists. The connected documents attribute the root cause to insufficient sanitization of user input in the Insert Video flow (e.g., html.insert)...
SugarCRM Cross-Site Scripting Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM, USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking for sales representatives. SugarC...