stored xss vulnerabilities and exploits

(subscribe to this query)

5.4

CVSSv3

Sage X3 Stored XSS Vulnerability on â€˜Editâ€™ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates...

Sage Syracuse1 Article available

6.1

CVSSv3

WordPress before 5.5.2 allows stored XSS via post slugs....

Wordpress Wordpress Fedoraproject Fedora 31 Fedoraproject Fedora 32 Fedoraproject Fedora 33 Debian Debian Linux 9.0 Debian Debian Linux 10.01 Github repository available

5.4

CVSSv3

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk....

Moodle Moodle Moodle Moodle 4.0.0 Redhat Enterprise Linux 8.0 Fedoraproject Fedora 34 Fedoraproject Fedora 35 Fedoraproject Fedora 36

5.4

CVSSv3

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this...

Nextcloud Circles

NA

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit...

Theforeman Foreman

5.4

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side....

Gitlab Gitlab Gitlab Gitlab 15.2

6.1

CVSSv3

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar...

Trilexnet Letodms Debian Debian Linux 8.01 EDB exploit available

4.8

CVSSv3

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3....

Redhat Ovirt-engine

5.4

CVSSv3

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission....

Jenkins Junit

5.4

CVSSv3

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored...

Factorfx Ocs Inventory 2.9.1

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook