header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Sitefinity 15.0 – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.

PyroCMS v3.0.1 Stored Cross-Site Scripting

An attacker can exploit the vulnerability in PyroCMS v3.0.1 by injecting a malicious payload into the 'Redirect From' field, triggering a stored cross-site scripting (XSS) attack. This could lead to unauthorized access, data theft, and other malicious activities. No CVE has been assigned yet.

Chyrp 2.5.2 – Stored Cross-Site Scripting (XSS)

Chyrp 2.5.2 is vulnerable to stored cross-site scripting (XSS) due to improper sanitization of user-supplied data. An attacker can inject malicious scripts into the 'Title' field, leading to the execution of arbitrary code in the context of the user's browser. This vulnerability has been assigned CVE-ID: N/A.

WordPress File Upload < 4.23.3 Stored XSS

A Stored Cross-Site Scripting (XSS) vulnerability exists in WordPress File Upload plugin version 4.23.3 and prior. By inserting a malicious shortcode in a post, an attacker can trigger an XSS attack when a file is uploaded, leading to potential script execution in the victim's browser. This vulnerability has been assigned CVE-2023-4811.

WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)

The Alemha Watermarker Wordpress Plugin version 1.3.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied data in the 'watermark_title' field. An attacker can insert malicious scripts in the Watermark Text field, which will execute whenever a user attempts to edit the page.

Blood Bank v1.0 Stored Cross Site Scripting (XSS)

The 'rename', 'remail', 'rphone', and 'rcity' parameters in the 'updateprofile.php' file of Code-Projects Blood Bank V1.0 are vulnerable to Stored Cross-Site Scripting (XSS) due to lack of proper input validation. An attacker can inject malicious scripts into these parameters, and when stored on the server, these scripts may get executed when viewed by other users.

Axigen < 10.5.7 - Persistent Cross-Site Scripting

The parameter `serverName_input` in Axigen version 10.5.7 and older is vulnerable to stored cross-site scripting (XSS) attacks. This vulnerability arises due to the lack of proper input sanitization, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary code on the victim's browser, impacting authenticated administrators and potentially enabling further attacks on higher privileged accounts.

Stored Cross-Site Scripting (XSS) in LimeSurvey Community Edition Version 5.3.32+220817

A critical security vulnerability in LimeSurvey Community Edition Version 5.3.32+220817 allows attackers to compromise the super-admin account through the 'Administrator email address:' field in 'General Setting.' This could result in theft of cookies and session tokens.

Recent Exploits: