The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.
Gitea version 1.22.0 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This security flaw enables a malicious actor to insert harmful scripts that are stored on the server and run within the context of another user's session.
The vulnerability allows attackers to execute malicious scripts by embedding them in the filename of an image file uploaded as part of creating a new ticket in the HelpDeskZ software version 2.0.2. Successful exploitation can lead to compromise of the administration panel and execution of unauthorized scripts in the administrator's environment.
Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This allows an attacker to insert malicious scripts stored on the server and run in the context of another user's session. By exploiting this vulnerability, an attacker can execute arbitrary scripts in the victim's browser.
A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.
An attacker can exploit the vulnerability in PyroCMS v3.0.1 by injecting a malicious payload into the 'Redirect From' field, triggering a stored cross-site scripting (XSS) attack. This could lead to unauthorized access, data theft, and other malicious activities. No CVE has been assigned yet.
Chyrp 2.5.2 is vulnerable to stored cross-site scripting (XSS) due to improper sanitization of user-supplied data. An attacker can inject malicious scripts into the 'Title' field, leading to the execution of arbitrary code in the context of the user's browser. This vulnerability has been assigned CVE-ID: N/A.
A Stored Cross-Site Scripting (XSS) vulnerability exists in WordPress File Upload plugin version 4.23.3 and prior. By inserting a malicious shortcode in a post, an attacker can trigger an XSS attack when a file is uploaded, leading to potential script execution in the victim's browser. This vulnerability has been assigned CVE-2023-4811.
The Alemha Watermarker Wordpress Plugin version 1.3.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied data in the 'watermark_title' field. An attacker can insert malicious scripts in the Watermark Text field, which will execute whenever a user attempts to edit the page.
The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to lack of proper input validation. An attacker can inject malicious scripts into these parameters, and when stored on the server, these scripts may get executed when viewed by other users.
Services By CQR
