9 matches found
CVE-2023-50072
A Stored Cross-Site Scripting XSS vulnerability exists in OpenKM version 7.1.40 dbb6e88 With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS...
CVE-2024-55341
A stored cross-site scripting XSS vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload...
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...
CVE-2025-23110
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...
CVE-2025-23110
CVE-2025-23110 affects REDCap v14.9.6. A reflected XSS vulnerability exists in the email-subject field when uploading a CSV containing alert configurations; a victim who opens the uploaded data and clicks the email-subject may trigger the payload. Affected component: email-subject handling during...
CVE-2025-23110
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...
PHP Restaurants 1.0 - SQL injection Authentication Bypass & Cross Site Scripting Vulnerabilities
Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting XSS Exploit Author: Or4nG.M4n Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 functions.php function login global $conn; $email =...
U.S. Dept Of Defense: Reflected XSS in ██████
A reflected XSS vulnerability was found on one of the subdomains of a system. The vulnerability was located in the emailbody parameter of the PreviewLetterhead.aspx page. An attacker could exploit this vulnerability to execute malicious scripts and steal user's cookies, launch phishing attacks, a...
Cross site scripting
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server"...