7 matches found
CVE-2022-41392
A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...
PT-2022-25841 · Total.Js · Total.Js
Name of the Vulnerable Software and Affected Versions: TotalJS version 8c2c8909 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. Recommendations: For version...
Total Avengers Totaljs Framework 跨站脚本漏洞
Total Avengers Totaljs Framework is a Javascript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications. Total Avengers A security vulnerability exis...
UBUNTU-CVE-2021-44120
SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site...
PT-2022-11995 · Spip +2 · Spip +2
Name of the Vulnerable Software and Affected Versions: SPIP version 4.0.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability in the ecrire/public/interfaces.php file, specifically affecting the "Who are you" and "Website Name" fields. An editor can modify their personal...
Creatiwity wityCMS Cross-Site Scripting Vulnerability
Creatiwity wityCMS is a lightweight PHP-based model-view-controller-oriented content management system CMS. A cross-site scripting vulnerability exists in the 'Website's name' field on the 'Settings' page under the 'General' menu in version 0.6.1 of Creatiwity wityCMS. ' field in the 'Settings'...
Cross site scripting
Stored cross-site scripting XSS vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...