CVE-2023-25835

There is a stored Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the...

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS versions 10.8.1 through 10.9, which stems from the presen...

Cross-site Scripting (XSS)

ckeditor-wordcount-plugin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the strip function at plugin.js when switching to the source code mode which allows an attacker to inject and execute arbitrary javascript...

Milesight VPN 安全漏洞

Milesight VPN is a web-based VPN monitoring and management platform from China-based Milesight. A security vulnerability exists in Milesight VPN v2.0.2. An attacker can exploit this vulnerability to cause arbitrary Javascript code injection via a specially crafted HTTP request...

CVE-2023-34599

Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...

CVE-2023-34599

Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...

CVE-2023-34599

Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...

Cross site scripting

Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...

CVE-2023-34599

Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...

CVE-2023-34599

Multiple Cross-Site Scripting XSS vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code...

CVE-2023-34835

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...

IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow has a security...

MTN Group: Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin=<VULNERABLE>

The reflected XSS vulnerability was found in the 'nin' parameter of the 'https://nin.mtn.ng/nin/success' endpoint. Successful exploitation allowed an attacker to execute arbitrary JavaScript in the victim's browser...

Acronis: [oem.acronis.com] Reflected Cross Site Scripting

The researcher discovered a reflected cross-site scripting XSS vulnerability on the oem.acronis.com website. The vulnerability was found on the /test/testenv.html page, where user-supplied input was not properly sanitized, allowing the execution of arbitrary JavaScript code...

Cross-site Scripting (XSS)

Sonargraph Integration Jenkins Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in doCheckLogFile function in SonargraphReportBuilder.java because it fails to escape the file path and the project name for the Log file field form validation which allows an attacker to...

Cross-Site Scripting (XSS)

admidio/admidio is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in this library. which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVE-2023-24031

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...

CVE-2023-24031

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...

CVE-2023-2819

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...

CVE-2023-2819

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...