CVE-2024-35583

A cross-site scripting XSS vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field...

CVE-2024-35582

A cross-site scripting XSS vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field...

CVE-2024-35621

A cross-site scripting XSS vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...

Laboratory Management System 安全漏洞

Laboratory Management System is a laboratory management system by oretnom23 individual developer. A security vulnerability exists in Laboratory Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into...

Laboratory Management System 安全漏洞

Laboratory Management System is a laboratory management system by oretnom23 individual developer. A security vulnerability exists in Laboratory Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into...

WordPress Spectra plugin cross-site scripting vulnerability (CNVD-2024-27891)

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Splunk Config Explorer vulnerable to cross-site scripting

Overview Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Splunk Config Explorer 安全漏洞

Splunk Config Explorer is an editor interface by Chris Younger, a personal developer. A security vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. An attacker can exploit the vulnerability to execute arbitrary scripts on a web browser...

CVE-2024-30419

A-blog cms contains a stored cross-site scripting (XSS) vulnerability: CVE-2024-30419 affects versions prior to 3.1.12, 3.0.x prior to 3.0.32, 2.11.x prior to 2.11.61, 2.10.x prior to 2.10.53, and 2.9 and earlier. If exploited, a user with contributor or higher privileges who can log in may cause...

WBSAirback 跨站脚本漏洞

WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...

TOTOLINK X2000R 安全漏洞

TOTOLINK X2000R is a WiFi6 wireless router from China's Gion Electronics TOTOLINK that supports Gigabit network and EasyMesh function with multi-device connectivity and wireless expansion capability. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the...

WBSAirback 跨站脚本漏洞

WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...

IBM UrbanCode Deploy 跨站脚本漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

CVE-2024-32674

Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVE-2024-32674

Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

WordPress Plugin Heator Social Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-33792

CVE-2024-33792 affects netis-systems MEX605 v2.00.06. A crafted payload to the tracert page allows an attacker to execute arbitrary OS commands (also described as an XSS vulnerability in some sources). The root cause centers on input handling on the tracert page leading to command execution/scrip...

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple version v5.15. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...

CVE-2024-33424

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section...

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2024-24950)

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...