CVE-2023-38881

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...

Open Solutions For Education openSIS Security Vulnerability

Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, Inc. A security vulnerability exists in Open Solutions For Education openSIS Classic Community Edition v9.0, which originates from a Reflective Cross-Site Scripting XSS...

Open Solutions For Education openSIS Security Vulnerability

Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, Inc. A security vulnerability exists in Open Solutions For Education openSIS Classic Community Edition v9.0, which originates from a Reflective Cross-Site Scripting XSS...

CVE-2023-5987

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected...

Fedora 39 : roundcubemail (2023-735ee6d4e1)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-735ee6d4e1 advisory. Version 1.6.4 - Fix PHP8 warnings 9142, 9160 - Fix default 'mime.types' path on Windows 9113 - Managesieve: Fix javascript error when relational or spamtest...

The vulnerability in the component bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js of the main service module for managing Bitrix24 allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the component bitrix/templates/bitrix24/components/bitrix/menu/leftvertical/script.js, which is part of the main service for managing Bitrix24, relates to uncontrolled changes to prototype object attributes. Exploiting this vulnerability could allow an attacker to execute...

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM Customer Relationship Management. A security vulnerability exists in Bitrix24 version 22.0.300, which stems from a missing response header o...

CVE-2023-45671

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

CVE-2023-45671 Frigate reflected XSS through `/<camera_name>` API endpoints

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

IBM Security Verify Governance Cross-Site Scripting Vulnerability

IBM Security Verify Governance is an identity and access management solution provided by IBM. It is a software system for managing and monitoring user identities, permissions and access. A cross-site scripting vulnerability exists in IBM Security Verify Governance, which can be exploited by an...

Cross-site Scripting (XSS)

yamcs-web is vulnerable to Cross-site Scripting XSS. The vulnerability is present because there is insufficient validation when uploading files in the library. This flaw enables an attacker to upload an HTML file that contains arbitrary JavaScript. When a user opens this file, the arbitrary...

CVE-2023-45280

Yamcs 5.8.6 allows XSS issue 2 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrar...

CVE-2023-40153

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software...

Yamcs Cross-Site Scripting Vulnerability

Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which originates from a method that allows you to upload an HTML fil...

Home Assistant Code Injection Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.2 that stems from an arbitrary URL loading issue in WebView. An attacker can exploit the...

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

Cross site scripting

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

CVE-2023-35024

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...