485 matches found

Cvelist
added 2024/03/28 12:0 a.m. | 15 views

CVE-2024-23727

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.020231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

AI score: 7.6 | EPSS: 0.0116
Exploits: 0 | References: 1

NVD
added 2024/03/14 4:15 a.m. | 5 views

CVE-2024-22397

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...

CVSS: 8.3 | AI score: 6.8 | EPSS: 0.00233
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/12 7:54 p.m. | 10 views

CVE-2024-28112 Cross site scripting on router page in Peering Manager

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00318
Exploits: 0 | References: 2

OSV
added 2024/03/06 5:2 p.m. | 18 views

GHSA-2WQW-HR4F-XRHH RSSHub Cross-site Scripting vulnerability caused by internal media proxy

Impact When the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. Patches This vulnerability was fixed...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01003
Exploits: 0 | References: 4

Github Security Blog
added 2024/03/06 5:2 p.m. | 18 views

RSSHub Cross-site Scripting vulnerability caused by internal media proxy

Impact When the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. Patches This vulnerability was fixed...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01003
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/03/06 11:18 a.m. | 14 views

BIT-GITLAB-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.00185
Exploits: 0 | References: 4

OSV
added 2024/03/06 11:10 a.m. | 15 views

BIT-MEDIAWIKI-2021-42048

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...

CVSS: 4.8 | AI score: 5.2 | EPSS: 0.00219
Exploits: 0 | References: 3

NVD
added 2024/03/05 2:15 p.m. | 7 views

CVE-2024-27627

A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0006
Exploits: 0 | References: 1

Prion
added 2024/03/05 2:15 p.m. | 12 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...

AI score: 6.3 | EPSS: 0.0006
Exploits: 0 | References: 1

Veracode
added 2024/02/15 7:5 a.m. | 11 views

Cross-Site Scripting (XSS)

sidekiq-unique-jobs is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper parameter sanitization within GET request to the admin webUI. This allows an attacker with super-user permission to execute arbitrary JavaScript code in the browser...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00099
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2024/02/05 6:15 p.m. | 19 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

CVSS: 5.8 | AI score: 6.7 | EPSS: 0.00151
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/02 3:8 a.m. | 13 views

CVE-2022-40744 IBM Aspera Faspex cross-site scripting

IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00053
Exploits: 0 | References: 2

NVD
added 2024/01/17 9:15 p.m. | 11 views

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe. Use of the "safe" tag...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.002
Exploits: 1 | References: 1

AlpineLinux
added 2023/12/21 11:29 p.m. | 37 views

CVE-2023-49086

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...

CVSS: 6.1 | AI score: 7.4 | EPSS: 0.00949
Exploits: 2 | References: 4

Prion
added 2023/12/20 2:15 a.m. | 13 views

Cross site scripting

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS: 4.9 | AI score: 6.1 | EPSS: 0.0009
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/12/13 9:49 p.m. | 2 views

CVE-2023-47620 Scrypted reflected Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the 'owner' and 'pkg' parameters. An attacker can run arbitrary JavaScript code...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00219
Exploits: 1 | References: 4

NVD
added 2023/11/28 1:15 p.m. | 9 views

CVE-2023-48042

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

CVSS: 6.1 | EPSS: 0.00061
Exploits: 0 | References: 2

Tenable Nessus
added 2023/11/07 12:0 a.m. | 35 views

Fedora 39 : roundcubemail (2023-735ee6d4e1)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-735ee6d4e1 advisory. Version 1.6.4 - Fix PHP8 warnings 9142, 9160 - Fix default 'mime.types' path on Windows 9113 - Managesieve: Fix javascript error when relational or spamtest...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.83235
Exploits: 2 | References: 2

CNVD
added 2023/10/25 12:0 a.m. | 19 views

IBM Security Verify Governance Cross-Site Scripting Vulnerability

IBM Security Verify Governance is an identity and access management solution provided by IBM. It is a software system for managing and monitoring user identities, permissions and access. A cross-site scripting vulnerability exists in IBM Security Verify Governance, which can be exploited by an...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00057
Exploits: 0 | References: 1

OSV
added 2023/09/06 9:15 p.m. | 21 views

CVE-2023-40397

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...

CVSS: 9.8 | AI score: 6.2
Exploits: 0 | References: 3