r0ck3t1973/xss_payload

GitHub

github.com

Releases0

Stars1

Fusion

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-51506 ↗	Oct 28, 2024Monday, 28 October 2024, 23:15	4.8 MEDIUM	—
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
CVE-2024-51507 ↗	Oct 28, 2024Monday, 28 October 2024, 23:15	4.8 MEDIUM	—
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
CVE-2024-51508 ↗	Oct 28, 2024Monday, 28 October 2024, 23:15	4.8 MEDIUM	—
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
CVE-2024-51509 ↗	Oct 28, 2024Monday, 28 October 2024, 23:15	4.8 MEDIUM	—
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
CVE-2021-36550 ↗	Oct 28, 2021Thursday, 28 October 2021, 20:15	5.4 MEDIUM	3.5 LOW
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
CVE-2021-36551 ↗	Oct 28, 2021Thursday, 28 October 2021, 20:15	5.4 MEDIUM	3.5 LOW
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
CVE-2020-25422 ↗	Oct 28, 2021Thursday, 28 October 2021, 19:15	5.4 MEDIUM	3.5 LOW
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-25875 ↗	Jul 9, 2021Friday, 9 July 2021, 22:15	5.4 MEDIUM	3.5 LOW
A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.
CVE-2020-25876 ↗	Jul 9, 2021Friday, 9 July 2021, 22:15	5.4 MEDIUM	3.5 LOW
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.
CVE-2020-25879 ↗	Jul 9, 2021Friday, 9 July 2021, 22:15	5.4 MEDIUM	3.5 LOW
A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.
CVE-2020-23659 ↗	Aug 26, 2020Wednesday, 26 August 2020, 18:15	5.4 MEDIUM	3.5 LOW
WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature.