3296 matches found

Cvelist
added 2023/06/14 9:14 p.m. · 28 views

CVE-2023-2819

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code...

CVSS 4.3 · AI score 5 · EPSS 0.00256
Exploits 0 · References 1

CNNVD
added 2023/06/08 12:0 a.m. · 4 views

IBM Sterling Partner Engagement Manager cross-site scripting vulnerability

IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). A security vulnerability exists in IBM Sterling Partner Engagement Manager. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI. Affected...

CVSS 5.4 · AI score 6 · EPSS 0.00371
Exploits 0 · References 3

NVD
added 2023/05/31 8:15 p.m. · 12 views

CVE-2023-33287

A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables...

CVSS 5.4 · AI score 5.3 · EPSS 0.00475
Exploits 0 · References 3

Prion
added 2023/05/31 8:15 p.m. · 14 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables...

CVSS 4.9 · AI score 5.3 · EPSS 0.00475
Exploits 0 · References 3 · Affected Software 1

CVE
added 2023/05/31 5:56 p.m. · 56 views

CVE-2023-33971

CVE-2023-33971 concerns the Formcreator GLPI plugin (versions 2.13.5 and earlier) with a reported stored cross-site scripting vulnerability. The issue arises from rendering with the ##FULLFORM## mechanism, which could allow arbitrary JavaScript execution in an admin/tech context. No patch is indi...

CVSS 6.1 · AI score 5.9 · EPSS 0.00551
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2023/05/31 12:0 a.m. · 2 views

Actonic Inline Table Editing cross-site scripting vulnerability

Actonic Inline Table Editing is a multifunctional tool from Actonic, Germany. A security vulnerability exists in Actonic Inline Table Editing prior to version 3.8.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows an attacker to store and execute...

CVSS 5.4 · AI score 5.7 · EPSS 0.00475
Exploits 0 · References 4

Positive Technologies
added 2023/05/31 12:0 a.m. · 2 views

PT-2023-24270 · Atlassian · Confluence Inline Table Editing

Name of the Vulnerable Software and Affected Versions: Confluence Inline Table Editing versions prior to 3.8.0 Description: A stored cross-site scripting issue allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables. Recommendations: For versions...

CVSS 5.4 · AI score 6.7 · EPSS 0.00475
Exploits 0 · References 4

Prion
added 2023/05/30 10:15 p.m. · 14 views

Code injection

JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...

CVSS 5.8 · AI score 6.5 · EPSS 0.00579
Exploits 1 · References 5 · Affected Software 1

Prion
added 2023/05/30 8:15 a.m. · 17 views

Design/Logic Flaw

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary JavaScript into the admin panel, even when the unfiltered_html capability is disabled, such as in a...

CVSS 4.3 · AI score 4.9 · EPSS 0.0047
Exploits 1 · References 1 · Affected Software 1

Veracode
added 2023/05/30 8:9 a.m. · 21 views

Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the Header and Footer parameter in settings.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 5.4 · AI score 6.5 · EPSS 0.00686
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2023/05/30 12:0 a.m. · 5 views

PT-2023-17921 · WordPress · Autoptimize

Name of the Vulnerable Software and Affected Versions: Autoptimize WordPress plugin versions prior to 3.1.7 Description: The issue allows high privileged users, such as administrators, to inject arbitrary javascript into the admin panel. This can occur even when the unfiltered html capability is...

CVSS 4.8 · AI score 6.6 · EPSS 0.0047
Exploits 1 · References 3

BDU FSTEC
added 2023/05/29 12:0 a.m. · 3 views

The vulnerability of the Sophos Web Appliance (SWA) protection and management tool lies in the lack of measures taken to protect the structure of the web page. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the Sophos Web Appliance (SWA) security and management tool exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code using a specially crafted form...

CVSS 7.8 · AI score 6.3 · EPSS 0.00566
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/05/27 12:0 a.m. · 3 views

Kiwi TCMS cross-site scripting vulnerability

Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS versions prior to 12.3 that stems from allowing users to upload attachments to test plans, test cases, etc., which makes it possible...

CVSS 8.1 · AI score 7 · EPSS 0.00431
Exploits 0 · References 3

Veracode
added 2023/05/24 8:50 a.m. · 7 views

Cross-Site Scripting (XSS)

concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the rss displayer which allows an attacker to inject arbitrary JavaScript code into the browser...

CVSS 5.4 · AI score 6.1 · EPSS 0.00393
Exploits 0 · References 4 · Affected Software 2

Veracode
added 2023/05/23 1:16 p.m. · 20 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the settings.js file, which allows an attacker to inject arbitrary JavaScript code into the browser...

CVSS 5.4 · AI score 6.2 · EPSS 0.00479
Exploits 1 · References 2 · Affected Software 1

ATTACKERKB
added 2023/05/23 2:15 a.m. · 4 views

CVE-2023-28394

Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...

CVSS 8.8 · AI score 6.2 · EPSS 0.01388
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/05/23 2:15 a.m. · 22 views

Command injection

Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...

CVSS 6.5 · AI score 8.6 · EPSS 0.01388
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2023/05/22 12:9 p.m. · 12 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the save grid option, which allows an attacker to inject arbitrary JavaScript code into the browser...

CVSS 5.4 · AI score 6.2 · EPSS 0.00479
Exploits 1 · References 3 · Affected Software 1

Veracode
added 2023/05/22 8:45 a.m. · 13 views

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists in details.php due to lack of sanitation when adding tags on uploaded files which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 · AI score 6.7 · EPSS 0.00544
Exploits 0 · References 6 · Affected Software 1

Veracode
added 2023/05/19 9:33 a.m. · 16 views

Cross-Site Scripting (XSS)

alextselegidis/easyappointments is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user display name sanitization in backendheader.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 4.8 · AI score 6.5 · EPSS 0.00503
Exploits 1 · References 4 · Affected Software 1