5207 matches found
CVE-2020-26669
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update...
iCMS Cross-Site Request Forgery Vulnerability (CNVD-2021-43532)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16. An attacker can exploit this vulnerability to execute arbitrary web scripts...
CVE-2020-26641
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts...
Cross site request forgery (csrf)
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts...
CVE-2020-26641
CVE-2020-26641: CSRF vulnerability in iCMS 7.0.16 could allow an attacker to execute arbitrary web scripts. The connected sources confirm iCMS 7.0.16 is affected; no remediation details are provided in these documents. Exploitation status, affected versions beyond 7.0.16, and fixes are not specif...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34493)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34490)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...
WordPress Larsens Calender plugin cross-site scripting vulnerability
WordPress Larsens Calender is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Larsens Calender plugin version 1.2 and earlier versions, which can be exploited by remote attackers to execute arbitrary web scripts via the "Eintrage hinzufuge...
CVE-2021-27249
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue result...
D-Link DAP-2020 Operating System Command Injection Vulnerability
The D-Link DAP-2020 is a WiFi range extender from D-Link, a Taiwan-based company. TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A command injection vulnerability exists in D-Link DAP-2020...
PT-2021-17354
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the processi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter...
Kaa IoT Platform 1.2.0 Cross Site Scripting
Exploit Title: Kaa IoT Platform 1.2.0 Cross Site Scripting XSS Vulnerability Date: 2020-10-01 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.kaaproject.org/ Software Link: https://cloud.kaaiot.com/ Version: 1.2.0 Tested on: Kali Linux 2020.3 CVE: CVE-2020-26701 Proof Of Concept:...
Cross-site Scripting (XSS)
markdown-it-katex is vulnerable to cross-site scripting. The vulnerability exists in index.js: once the parser returns an error, it returns katex without sanitizing as HTML tags, allowing a malicious user to inject and execute arbitrary web scripts...
Cross-site Scripting (XSS)
sonata-project/admin-bundle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape item.label in function templateResult in sonatatypemodelautocomplete.html.twig, allowing a malicious user to inject and execute arbitrary web scripts...
Cross-site Scripting (XSS)
paypal/merchant-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient filtration of user-supplied data in token HTTP GET parameter in samples/AccountAuthentication/GetAuthDetails.html.php, allowing a malicious user to inject and execute arbitrary w...
Cross-site Scripting (XSS)
buefy is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists in b-taginput, in the use of v-html in Autocomplete.vue when auto-complete is set to true, allowing a malicious user to inject and execute arbitrary web scripts...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows reflected XSS, injecting arbitrary web script or HTML in admin/index.php, by adding a question mark (?) followed by the payload...
Oracle Siebel Sales Cross-Site Scripting
A cross-site scripting vulnerability exists in Oracle Siebel Sales. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web scripts into the affected system...