278 matches found
CVE-2024-56508 File Upload Vulnerability Leading to XSS in LinkAce v1.15.5
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads...
CVE-2024-49593
In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...
Widget Bundle <= 2.0.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Enable the "Text Form" widget 2. Ad...
Social Pixel <= 2.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...
Apache mod_proxy_cluster - Stored XSS Exploit
import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...
CVE-2024-34467
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...
Sailthru Triggermail <= 1.1 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open: alert23' /...
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: v1.0...
CVE-2023-40287
CVE-2023-40287 affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F devices running version 1.66. The issue is a web-interface cross-site scripting (XSS) vulnerability in the X11 series’ BMC web UI, caused by inadequate protection of the web page structure, enabling remote attackers to inject arbi...
Testimonial Slider < 2.3.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Testimonial Shortcode" 2. Ad...
BIT-AIRFLOW-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...
BIT-AIRFLOW-2021-28359 Apache Airflow Reflected XSS via Origin Query Argument in URL
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...
CVE-2024-24570 Statamic account takeover via XSS and password reset link
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...
DoraCMS Cross-Site Scripting Vulnerability (CNVD-2023-9750397)
DoraCMS is a software application. Based on Nodejs+eggjs+mongodb to write a content management system . A cross-site scripting XSS vulnerability exists in DoraCMS version v2.1.8. An attacker can exploit this vulnerability to execute arbitrary code by uploading a specially crafted HTML or image fi...
Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks 1. Create a contact form 2. Embed the contact form shortcode on a post or page. 3. As an Unauthitncated user, inject the inputs for a malicious scri...
FormCraft < 1.2.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. There are two XSS issues: Example A: ...
WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the "Email Options" section of t...
Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot 1. Go to "Settings Language Settings ChatBot Keywords" 2. Enter...
govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...