3296 matches found
Cross site scripting
A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...
CVE-2023-40617
A reflected cross-site scripting XSS vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'...
CVE-2023-38878
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
CVE-2023-42471
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...
CVE-2023-38878
A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...
CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution...
The vulnerability of the Tough-cookie package for the Node.js software platform allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Tough-cookie package for the Node.js software platform is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a remote attacker to execute arbitrary JavaScript code...
CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...
CVE-2023-41049 Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are...
PT-2023-27760 · Unknown · @Dcl/Single-Sign-On-Client
Name of the Vulnerable Software and Affected Versions: @dcl/single-sign-on-client versions prior to 0.1.0 Description: The issue concerns improper input validation in the init function, allowing arbitrary JavaScript to be executed using the javascript: prefix. This can be exploited by passing...
CVE-2023-41642
Multiple reflected cross-site scripting XSS vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...
GruppoSCAI RealGimm 跨站脚本漏洞
GruppoSCAI RealGimm is a large-scale property and real estate asset management solution from SCAI. A security vulnerability exists in GruppoSCAI RealGimm version 1.1.37p38, which stems from the presence of multiple Reflective Cross-Site Scripting XSS vulnerabilities that could allow an attacker t...
PT-2023-14393 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.4 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
Cross-site Scripting (XSS)
silverstripe/admin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the tinymce.js due to lack of sanitization of user inputs during editing which allows an attacker to inject and execute arbitrary JavaScript into a victims browser...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Stored Cross-site Scripting XSS. The vulnerability exists in the upload function at bootstrap.php due to lack of MIME sanitization which allows an attacker to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-site Scripting XSS. The vulnerability exists in upload function at bootstrap.php because due to improper sanitization of inputs which allows an attacker to inject and execute arbitrary javascript...
CVE-2023-2318
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into...
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...