3296 matches found

CNNVD
added 2023/04/15 12:0 a.m. · 3 views

Easy!Appointments Cross-Site Scripting Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A cross-site scripting vulnerability exists in versions prior to Easy!Appointments 1.5.0, which can be exploited by an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user...

CVSS 5.4 · AI score 5.2 · EPSS 0.00475
Exploits: 1 · References: 3

NVD
added 2023/04/11 9:15 a.m. · 26 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

CVSS 5.4 · AI score 5.7 · EPSS 0.00371
Exploits: 0 · References: 2

Prion
added 2023/04/11 9:15 a.m. · 14 views

Cross site scripting

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

CVSS 4.9 · AI score 5.7 · EPSS 0.00371
Exploits: 0 · References: 2 · Affected Software: 7

Vulnrichment
added 2023/04/11 12:0 a.m. · 10 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

AI score 5.7 · EPSS 0.00371
Exploits: 0 · References: 2

Cvelist
added 2023/04/11 12:0 a.m. · 27 views

CVE-2023-24464

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...

AI score 6 · EPSS 0.00371
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/11 12:0 a.m. · 3 views

PT-2023-19622 · Unknown +4 · Bs-Gs2024P +5

Name of the Vulnerable Software and Affected Versions: BS-GS2008 firmware versions 1.0.10.01 and earlier BS-GS2016 firmware versions 1.0.10.01 and earlier BS-GS2024 firmware versions 1.0.10.01 and earlier BS-GS2048 firmware versions 1.0.10.01 and earlier BS-GS2008P firmware versions 1.0.10.01 and...

CVSS 5.4 · AI score 5.7 · EPSS 0.00371
Exploits: 0 · References: 3

Cvelist
added 2023/04/10 1:18 p.m. · 36 views

CVE-2023-0546 FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...

AI score 5.7 · EPSS 0.00478
Exploits: 2 · References: 1

OSV
added 2023/04/07 2:15 p.m. · 1 views

CVE-2022-43914

IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036...

CVSS 5.4 · AI score 5.4 · EPSS 0.00371
Exploits: 0 · References: 2

Packet Storm
added 2023/04/05 12:0 a.m. · 257 views

Uptime Kuma 1.19.6 Cross Site Scripting

Exploit Title: Stored XSS in uptime-kuma ""alert"XSS" If anyone loads the page, the javascript inside the script tag will be executed...

AI score 6.5 · EPSS 0.00681
Exploits: 1

Veracode
added 2023/04/04 11:35 a.m. · 24 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in class.js, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 5.4 · AI score 5.5 · EPSS 0.00457
Exploits: 1 · References: 4 · Affected Software: 1

Veracode
added 2023/04/02 1:20 p.m. · 24 views

Cross-Site Scripting (XSS)

rails is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in HTML elements, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 6.3 · AI score 5.9 · EPSS 0.00632
Exploits: 0 · References: 7 · Affected Software: 1

Exploit DB
added 2023/03/30 12:0 a.m. · 198 views

LISTSERV 17 - Reflected Cross Site Scripting (XSS)

Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Date: 12/01/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CV...

CVSS 6.1 · AI score 6.3 · EPSS 0.06314
Exploits: 4

OSV
added 2023/03/29 6:31 p.m. · 38 views

GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping

Impact: An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

CVSS 7.1 · AI score 7 · EPSS 0.01016
Exploits: 0 · References: 9

Veracode
added 2023/03/29 3:54 p.m. · 30 views

Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by the filter function in filter.php when the algebra filter code is not available, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 6.1 · AI score 6.6 · EPSS 0.00634
Exploits: 0 · References: 9 · Affected Software: 1

NVD
added 2023/03/28 9:15 p.m. · 24 views

CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

CVSS 7.1 · AI score 7.3 · EPSS 0.01016
Exploits: 0 · References: 6

Veracode
added 2023/03/22 11:56 a.m. · 20 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the ajax function in pagination.js because the url sanitization regex pattern does not take into account backward slashes \ that modern browsers treat as forward slashes /, which allows an attacker to...

CVSS 6.1 · AI score 6 · EPSS 0.00564
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2023/03/20 4:53 p.m. · 9 views

Stored Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of HTML sanitization in the user ID when exporting to data formats supporting HTML which allows an attacker to inject and execute arbitrary JavaScript when a user clicks on the downloaded file. Not...

CVSS 4.8 · AI score 5.5 · EPSS 0.0053
Exploits: 0 · References: 8 · Affected Software: 1

BDU FSTEC
added 2023/03/20 12:0 a.m. · 2 views

The vulnerability of the NetAct network management system lies in the lack of input validation during the creation of a working set, allowing an attacker to execute arbitrary JavaScript code.

The vulnerability of the NetAct network management system lies in the lack of input validation during the creation of a working set. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary JavaScript code...

CVSS 6.8 · AI score 7.9 · EPSS 0.0059
Exploits: 0 · References: 1 · Affected Software: 1

AlpineLinux
added 2023/03/17 7:4 p.m. · 88 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 5.4 · AI score 5.7 · EPSS 0.00586
Exploits: 0

Veracode
added 2023/03/17 7:55 a.m. · 23 views

Stored Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the quiz override page via the user ID which allows an attacker to inject and execute arbitrary JavaScript in the browser...

CVSS 5.4 · AI score 5.9 · EPSS 0.00516
Exploits: 0 · References: 3 · Affected Software: 1