CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-50677

CVE-2024-50677 describes a cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 where an attacker can inject a crafted payload into the Search parameter to execute arbitrary web scripts or HTML. The root cause is improper handling/validation of user input in the search functionality, ...

CVE-2024-50677

A cross-site scripting XSS vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53470

CVE-2024-53470 involves multiple stored XSS vulnerabilities in WeGIA v3.2.0, specifically in the component /configuracao/gateway_pagamento.php. The issue allows injection of arbitrary web scripts or HTML via the id or name parameter, with the root cause identified as stored XSS. The provided docu...

CVE-2024-53471

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

CVE-2024-53278

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...

CVE-2024-48535

A stored cross-site scripting XSS vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

PT-2024-34473 · Unknown · Ferozo Webmail

Name of the Vulnerable Software and Affected Versions: Ferozo Webmail version 1.1 Description: A Cross-Site Scripting XSS issue allows attackers to execute arbitrary scripts. Recommendations: For Ferozo Webmail version 1.1, at the moment, there is no information about a newer version that contain...

IBM Maximo Asset Management 跨站脚本漏洞

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

Online Shopping Portal dom_data.php file cross-site scripting vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43209)

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43205)

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

JetBrains YouTrack 跨站脚本漏洞

JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a cross-site scripting...

MangoOS 安全漏洞

MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via ...

Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2024-42933)

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...

PT-2024-9142

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack again...