A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.
The Wordpress Plugin WP Video Playlist 1.1.1 is vulnerable to stored cross-site scripting (XSS) attack. An attacker can inject malicious scripts into the 'videoFields[post_type]' input field, leading to the execution of arbitrary code in the context of the user's browser. This can result in cookie theft, session hijacking, or other malicious activities.
The 'your_name' parameter in WEBIGniter v28.7.23 lacks proper input validation, leading to a vulnerability where an attacker can execute malicious JavaScript code by injecting it into the parameter. This can result in reflected cross-site scripting (XSS) attacks, potentially compromising user data and system integrity.
A Cross Site Scripting (XSS) vulnerability in Petrol Pump Management Software v1.0 allows attackers to execute malicious code by inserting a specially crafted payload into the 'Address' parameter in the add_invoices.php component.
The Solar-Log 200 PM+ 3.6.0 Build 99 web panel is vulnerable to stored cross-site scripting (XSS) due to improper input validation. By inserting malicious code into the 'name' field under the Smart Energy configuration, an attacker can execute arbitrary scripts in the context of an authenticated user's session, potentially leading to cookie theft.
The GYM Management System version 1.0 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied data in the 'lname' field of the profile.php page. An attacker can inject a malicious payload, such as x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22, which will be executed whenever a user accesses the profile.php page, leading to the execution of arbitrary scripts in the context of the user's browser. This vulnerability has been detected by Alperen Yozgat.
An attacker can exploit a Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 by injecting malicious code through a crafted payload into the image parameter in the profile.php component. By uploading a specially crafted xss.svg file, the attacker can execute arbitrary code. The content of the xss.svg file includes a script that triggers an alert message.
A Cross Site Scripting vulnerability was found in Petrol Pump Management Software v.1.0. This vulnerability allows an attacker to execute malicious code by uploading a specially crafted SVG file to the 'image' parameter in the profile.php component. By exploiting this vulnerability, an attacker can conduct various attacks such as stealing sensitive data, session hijacking, or defacing the website.
The Firelinking - Proof-of-Concept is a proof-of-concept exploit designed for Firefox 1.0.2. It takes advantage of a bug in bugzilla #290036 to execute arbitrary JavaScript code in the context of the user's browser.
The bxcp 0.299 exploit is a PHP script that exploits a vulnerability in the bxcp software version 0.299. It allows an attacker to execute arbitrary code on the target system by injecting malicious code through a specially crafted HTTP GET request. The exploit takes advantage of a SQL injection vulnerability in the 'show' parameter of the 'index.php' file, allowing the attacker to retrieve sensitive information such as user passwords.