CVE-2023-29454
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application…
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim’s browser. The script…
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL…
Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim’s browser. The script can be activated through Action…
Duktape is a 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack, JavaScript will crash.…
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative…
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user “zabbix”) on the Zabbix…
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line…
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site:…
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in iDisplay PlatPlay DS allows Stored XSS. This issue affects PlatPlay DS: before 3.14. Zafiyet…