278 matches found
CVE-2022-38803
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
Improper access control
Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins Create a New popup Insert pop-up name, title, and body text. Add a new trigger with defau...
PT-2022-23133 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions 3.5 through 3.5.8.0 Description: Cross-site scripting XSS allows execution of JavaScript code inside the Panel session of the same or other users. A harmful script can trigger requests to Kirby's API with the permissions of the...
Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text" settings of the plugin...
mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the delimiter...
Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "After Register Redire...
Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a video from a slider and put the following payload in the Description: , then save/update the vide...
xss using .xsig file
Description xss using .xsig file Proof of Concept 1. Save this file as test.xsig file and upload it to http://localhost/ListAttachedFile 2. now view this file in chrome browser and see xss is executed...
Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file Create/edit a quote and put t...
Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG
The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads As an author or above, upload the below SVG file via the Media library: alert/XSS/; The XSS will be triggered when accessing the file directly, e...
Adrotate < 5.8.23 - Admin+ XSS via Advert Name
The plugin does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Create/edit an Advert and put the following payload in the Name field: " The XSS will be triggered when accessi...
Fast Flow < 1.2.11 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting ' document.form1.submit;...
ICT Protege GX/WX 2.08 Cross Site Scripting
ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App: 02.08.766 Lib: 04.00.169 Int: 02.2.208...
YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of the settings available to users with a role as low as author before outputting them, leading to a Stored Cross-Site Scripting issue As author, put the following payload in the Settings Integration Use Google reCaptcha Yes Site Key: v v 6.3.5 - "...
E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf...
Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting
The plugin does not escape custom fields before outputting them, which could allow Contributor+ v Preferences Panels and enable the Custom Fields, such as testxss with a value of alert/XSS/ Then add the following shortcode to the post field testxss and view/preview it to trigger the XSS...
uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: uBidAuction v2.0.1 - 'Multiple' Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 21/01/2022 Document Title: =============== uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities References Source: ====================...
Mitsol Social Post Feed <= 1.10 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Access Token User access...
NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS
The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue curl -H 'x-tomato: alert/XSS/;' 'https://example.com/?nxs-cronrun=yes' The XSS will be triggered in the Log/History...