13 matches found

wpexploit
added 2024/06/05 12:0 a.m. | 131 views

Spotify Play Button <= 1.0 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. spotify-play...

5.9 AI score | 0.00356 EPSS
Exploits: 2

Veracode
added 2024/05/29 6:11 a.m. | 12 views

Cross-Site Scripting (XSS)

Silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the Page name. This allows an attacker to use the payload " to trigger an XSS alert and execute arbitrary scripts in the context of the user's browser...

6.2 AI score
Exploits: 0

Github Security Blog
added 2024/05/27 7:32 p.m. | 5 views

silverstripe/framework has Cross-site Scripting vulnerability in page name

silverstripe/framework is vulnerable to XSS in Page name where the payload " will trigger an XSS alert...

6.1 AI score
Exploits: 0 | References: 4 | Affected Software: 1

0day.today
added 2024/04/12 12:0 a.m. | 299 views

HTMLy Version v2.9.6 - Stored XSS Vulnerability

Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date: 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After saving it you will see an XSS alert...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/04/08 12:0 a.m. | 290 views

HTMLy 2.9.6 Cross Site Scripting

Exploit Title: HTMLy Version : 2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date: 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After saving it you will see an XSS alert...

7.4 AI score
Exploits: 0

wpexploit
added 2024/02/21 12:0 a.m. | 132 views

Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS

Description: The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 1. As a Contributor, navigate to "Add new position" 2. On the page to create a post, in the "Working Hours" add: 3. When a...

5.9 AI score | 0.00457 EPSS
Exploits: 2

wpexploit
added 2023/06/19 12:0 a.m. | 151 views

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1. Visit WPBot Lite Settings Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...

4.8 CVSS | 5.9 AI score | 0.00511 EPSS
Exploits: 2

wpexploit
added 2023/02/28 12:0 a.m. | 97 views

Simple File List < 6.0.10 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to...

4.8 CVSS | 5.3 AI score | 0.00442 EPSS
Exploits: 2

wpexploit
added 2022/12/24 12:0 a.m. | 146 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert thi...

5.4 CVSS | 1 AI score | 0.00471 EPSS
Exploits: 2

Packet Storm
added 2020/10/08 12:0 a.m. | 547 views

Seat Reservation System 1.0 Cross Site Scripting

Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...

7.4 AI score
Exploits: 0

Hacker One
added 2020/07/09 6:51 p.m. | 23 views

Automattic: Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media

Hello there, I found a stored xss vulnerability. Steps: 1. Go to https://app.crowdsignal.com/dashboard 2. Create a quiz. 3. Go to https://app.crowdsignal.com/quizzes/your-quiz-id/question 4. Add Multiple Choice 5. Put a name to answer 1. 6. Click Add media button. F901543 7. Select Embed Media 8...

0.3 AI score
Exploits: 0

Hacker One
added 2017/01/16 10:18 p.m. | 14 views

FormAssembly: XSS in api_v1

Researcher reported XSS that was demonstrated via outputting an alert. Issue has been resolved...

6.3 AI score
Exploits: 0

Atlassian
added 2013/03/06 1:6 a.m. | 22 views

XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]

Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...

0.7 AI score
Exploits: 0