-
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sani…
-
Program output should be inserted more safely, like with `Node.textContent` or through the Sanitizer API if HTML rendering is desired behavior (probably not). Has mild security impact because the clie…
-
software component: GeoNetwork (opensource)
version: 3.2.1.0
test date: 21.04.2017
concerned parameter:
• /./proxy [url parameter]
• /./srv/eng/thesaurus.download [ref parameter]
• /./srv/…
lfrz updated
7 months ago
-
If you set the first name (or any other field) of a user's record to include alert(1) the application will alert 1 on any screen that username is shown. Likewise this can be used to redirect to anothe…
-
`frappe-charts` is vulnerable to `Cross-Site Scripting (XSS)`.
# Steps To Reproduce-:
1. Open NPM repo https://www.npmjs.com/package/frappe-charts
2. Open the Explore demos https://frappe.io/…
-
The widget is currently vulnerable to cross-site scripting and can access the parent document's cookies. I was trying to figure out how other editors like CodePen and JS Bin prevent this, and I stumbl…
-
### Preconditions
Agent/Admin should be able to log in to the neetoDesk mobile application.
### Steps to reproduce
* *Step 1*
Action: Enter the script to all the fields:
\<script> alert("…
-
Hi,
$subject and $comments in insert.php are vulnerable to XSS attack: a remote attacker could inject a malicious JavaScript to corrupt user, for example: `alert(1)`
to correct this vulnerabilit…
-
Example JS fiddle:
[https://jsfiddle.net/16L0usfo/1/](https://jsfiddle.net/16L0usfo/1/)
When loading data over AJAX (or otherwise parsing it from some JSON) Footables is vulnerable to XSS. The fix…
-
**Jodit Version:** 3.24.2
**Browser:** Chrome
**OS:** Windows
**Is React App:** True
**Description**
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of…