Cross Site Scripting

Exploits

CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
ByRaxis Research Team July 6, 2022July 28, 2025

Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.

Read More CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
Exploits

CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
ByRaxis Research Team May 17, 2022July 28, 2025

Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.

Read More CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
Exploits | How To | Injection Attacks | Web Apps

Hackers See Opportunity Where You See Only a Button
ByBrad Herring April 1, 2022June 3, 2025

In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.

Read More Hackers See Opportunity Where You See Only a Button
Exploits | How To

Cross-Site Scripting (XSS): Filter Evasion and Sideloading
ByRaxis Research Team November 12, 2021June 3, 2025

In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.

Read More Cross-Site Scripting (XSS): Filter Evasion and Sideloading
How To | Security Recommendations

Introduction to Cross-Site Scripting
ByRaxis Research Team October 29, 2021

This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

Read More Introduction to Cross-Site Scripting
Patching | Security Recommendations

Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
ByRaxis Research Team September 17, 2021

Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.

Read More Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
Security Recommendations

Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags
ByRaxis Research Team September 3, 2021June 3, 2025

How can cookies be used against you? And how do you keep that from happening? Raxis’ Matt Dunn explains.

Read More Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags
Patching | Security Recommendations

PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
ByRaxis Research Team August 20, 2021July 28, 2025

Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.

Read More PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
Exploits

ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
ByRaxis Research Team June 11, 2021July 28, 2025

Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).

Read More ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)
Exploits

Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
ByRaxis Research Team May 20, 2021July 26, 2025

Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.

Read More Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)