2049 matches found
Cisco Firepower Management Center 安全漏洞
Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...
GHSA-CHJ2-4VG7-HHG3 Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...
Mitel MiCollab和Mitel MiVoice 代码注入漏洞
Mitel MiCollab and Mitel MiVoice are both products of Mitel Canada, a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees.Mitel MiVoice is an IP-capable telephone. A code injection vulnerability exists in Mitel MiCollab version...
Mitel MiCollab 安全漏洞
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...
IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-46815)
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...
CVE-2024-46606
A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46605
A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
SeedDMS cross-site scripting vulnerability (CNVD-2024-41051)
SeedDMS is SeedDMS open source PHP and MySql based on a set of open source document management system . The system is mainly used to store and share documents . SeedDMS v6.0.28 version of the existence of cross-site scripting vulnerability , the vulnerability stems from the application of the...
CVE-2024-46409
A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...
Zenario CMS 安全漏洞
Zenario CMS is a Zenario open source application . Provides a Web-based content management system . A cross-site scripting vulnerability exists in Zenario CMS version 9.7.61188, which stems from the lack of effective filtering and escaping of user-supplied data in the "Organizer tags" field and c...
CVE-2024-41930
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
Advantech ADAM-5550 跨站脚本漏洞
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...
CVE-2024-45836
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...
Ellevo 安全漏洞
Ellevo is an enterprise process-oriented software from Ellevo. A cross-site scripting vulnerability exists in Ellevo version 6.2.0.38160, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web...
JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Base Score 7.1 CVE-2024-45372 Cross-site scripting vulnerability in the web...
Dassault Systèmes 3DEXPERIENCE 安全漏洞
Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE. An attacker could exploit the vulnerability to execute arbitrary script code within a user's browser session...
Perfex CRM 安全漏洞
Perfex CRM is a customer relationship management software from Perfex CRM open source. Used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM v1.1.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by...
CVE-2024-45625
Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator...
CVE-2024-8004
A stored Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
Kashipara Hotel Management System Cross-Site Scripting Vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...