Moxa SDS-3008 cross-site scripting vulnerability (CNVD-2023-58305)

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary Javascript execution...

PT-2023-1393 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM Infosphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...

Italtel NetMatch-S CI 跨站脚本漏洞

Italtel NetMatch-S CI is Italtel's first "In-Cloud" SBC designed for deployment in data center/cloud environments in accordance with emerging IT practices and telecom specifications NFV. A security vulnerability exists in Italtel NetMatch-S CI version 5.2.0-20211008, which stems from the presence...

Siemens Desigo PXM Devices Cross-Site Request Forgery (CVE-2022-40180)

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

CVE-2022-47194

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

LISTSERV 17 Cross Site Scripting

Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...

UBUNTU-CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

PT-2023-13448 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.5.7 GitLab CE/EE versions 15.6 through 15.6.4 GitLab CE/EE versions 15.7 through 15.7.2 Description: The issue arises from inadequate filtering of query parameters on the wiki changes page, allowing an...

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVE-2022-3573

Removed by vendor...

Cross-Site Scripting (XSS)

oxidized-web is vulnerable to cross-site scripting. The vulnerability exists in confsearch.haml due to manipulation of the argument toresearch which allows an attacker to inject and execute arbitrary javascript...

CVE-2022-38207 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser...

CVE-2022-38204 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

Cross site scripting

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser...

PT-2022-24286 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.1 and below Description: The issue is related to a reflected XSS vulnerability that may allow a remote, unauthenticated attacker to create a crafted link. When clicked, this link could execute arbitrary...

IBM Security Verify Governance Identity Manager Cross-Site Scripting Vulnerability

IBM Security Verify Governance Identity Manager is an IBM network appliance-based integration that focuses on business-centric rules, activities, and processes. version 10.0.1 of IBM Security Verify Governance Identity Manager is vulnerable to A cross-site scripting vulnerability exists. An...

GHSA-9P8J-HRGF-JC2G Apache Zeppelin Cross-site Scripting vulnerability

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported...