The Unicorn framework through 0.35.3 for Django allows XSS via component.name.Īn issue was discovered in the Growth extension in MediaWiki through 1.36.2. The Chat functionality allows XSS because clipboard data is mishandled.Īn issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.Īn issue was discovered in Zammad before 4.1.1. The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.Īn issue was discovered in Zammad before 4.1.1. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. The Unicorn framework before 0.36.1 for Django allows XSS via a component. html file on the website that uses this editor (the file suffix is allowed).Ĭross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.Ĭross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the. The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter.
After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack. Myfactory.FMS before 7.1-912 allows XSS via the UID parameter.Įasytest bulletin board management function of online learning platform does not filter special characters. Myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
0 kommentar(er)
