CWE-79

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Cross-site Scripting (XSS) – Stored in GitHub repository nocodb/nocodb prior to 0.91.7.

Cross-site Scripting (XSS) – Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 19.0.2.

Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.

The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the ‘frameid’ parameter found in the ~/src/Package/views/shortcode-iframe.php file.