S-CMS Cross-Site Scripting Vulnerability (CNVD-2021-58259)

S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. /app/formadd/ in S-CMS 3.0 has a stored cross-site scripting vulnerability that can be exploited to execute arbitrary Web scripts or HTML via the title entry text bo...

CVE-2020-20699

S-CMS PHP v3.0 has a cross-site scripting (XSS) vulnerability exploitable via the Copyright field in Basic Settings, allowing arbitrary web scripts/HTML execution. The vulnerability is consistently described across NVD/Red Hat/CNNVD/CNVD feeds as CVE-2020-20699, with no connected document providi...

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

Cross site scripting

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

Cross site scripting

Multiple stored cross site scripting XSS vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number...

CVE-2021-25791

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

CVE-2021-3159

A stored cross site scripting XSS vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...

CASAP Automated Enrollment Cross-Site Scripting Vulnerability (CNVD-2021-57776)

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve...

Piwigo Cross-Site Scripting Vulnerability (CNVD-2021-54383)

Piwigo is a set of Web-based open source photo gallery software. Piwigo version 2.10.1 has a cross-site scripting vulnerability that allows attackers to execute arbitrary Web scripts or HTML...

CASAP Automated Enrollment Cross-Site Scripting Vulnerability (CNVD-2021-57773)

CASAP Automated Enrollment is an automated enrollment system from the CASAP organization. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve. A security vulnerability exists...

CASAP Automated Enrollment 跨站脚本漏洞

CASAP Automated Enrollment is an automated enrollment system from the CASAP organization. The goal of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easily retrievable. SourceCodester CASAP Automated...

CVE-2020-22148

A stored cross site scripting XSS vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-22150

A cross site scripting XSS vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

Cross site scripting

A cross site scripting XSS vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-22150

A cross site scripting XSS vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-22148

A stored cross site scripting XSS vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

NewsPlugin < 1.1.0 - CSRF to Stored Cross-Site Scripting

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handlesavestyle function found in the /news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. Note: v1.1.0 Added CSRF to the affected function, but see...

Centreon Cross-Site Scripting Vulnerability (CNVD-2021-53336)

Centreon Merethis Centreon is a set of open source system monitoring tools from Centreon France. A cross-site scripting vulnerability exists in Centreon Platform version 20.10.0, which can be exploited by remote authenticated attackers to inject arbitrary Web scripts or HTML via alias parameters...

CVE-2021-3279

sz.chat version 4 allows injection of web scripts and HTML in the message box...

Code injection

sz.chat version 4 allows injection of web scripts and HTML in the message box...