A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exist
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web in...
A reflected Cross-Site Scripting (XSS) vulnerability was discovered in pdf.js, the PDF rendering library, when opening a PDF file from a local system using Firefox version 132.0.2 (64-bit). The vulnerability allows malicious JavaScript code to be executed in the context of the user’s browse...
For each of the identified endpoints, an attacker can exploit the vulnerability by injecting a malicious script via the respective parameter. Below are the URLs with crafted payloads that demonstrate the reflected XSS: http://target-ip/index.php/admin/web/user.html?ks=%22%3E%3Cscript%3Ealert(...
A vulnerability in Cisco WebEx Meetings could allow an unauthenticated, remote attacker to perform reflected cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker
This code directly writes an HTTP parameter to Servlet output, which allows for a reflected cross site scripting vulnerability. See http://en.wikipedia.org/wiki/Cross-site_scripting for more information. FindBugs looks only for the most blatant, obvious cases of cross site scripting. If FindBugs ...
An XSS vulnerability was discovered in beetl-bbs. A reflected XSS exists via the /index keyword parameter, which allows remote attackers to inject arbitrary web script or HTML. PoC: alert(document.cookie) Information Exposure: The cookie set after a successful user login contains an MD5 hash of t...
Prior to this Werk an attacker could send malicious links to unsuspecting users in order to inject malicious HTML code into the browser of the user. This vulnerability wa
Automated detection of cross site scripting vulnerabilities. An automated method and system for testing a web site for vulnerability to a cross site scripting (XSS) attack are disclosed. The automated tool injects a tracer value into both GET and POST form data, and monitors the resultant HTML ...
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.