CVE-2020-5638

Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

CVE-2020-5638

Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

CVE-2020-5662

Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors...

CVE-2020-7318

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized...

CVE-2020-25343

Cross-site scripting XSS vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields'body' param via events\event.publisharticle.php...

SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting

Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...

CVE-2020-5586

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors...

CVE-2020-5585

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors...

Security Bulletin: IBM Tivoli Netcool Impact is affected by an Arbitrary Script Injection vulnerability (CVE-2019-4681)

Summary IBM Tivoli Netcool Impact has addressed the following Arbitrary Script Injection vulnerability. Affected version of AngularJS shipped as a component of IBM Tivoli Netcool Impact. Vulnerability Details CVEID: CVE-2019-4681 DESCRIPTION: IBM Tivoli Netcool Impact is vulnerable to cross-site...

CVE-2020-10476

Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

PT-2020-12136 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to inject arbitrary web script or HTML via the p parameter in the admin/edit-glossary.php file. This enables reflected XSS attacks. Recommendations: For...

CVE-2012-2517

Cross-site scripting XSS vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product parameter to ajax.php...

CVE-2020-5528

Cross-site scripting vulnerability in Movable Type series Movable Type 7 r.4603 and earlier Movable Type 7, Movable Type 6.5.2 and earlier Movable Type 6.5, Movable Type Advanced 7 r.4603 and earlier Movable Type Advanced 7, Movable Type Advanced 6.5.2 and earlier Movable Type Advanced 6.5, Movab...

CVE-2013-4241

Multiple cross-site scripting XSS vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 image, 3 url, or 4 testimonial parameter to the Testimonial form hms-testimonials-addnew page; 5 dateformat...

CVE-2019-9541

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5...

Cross site scripting

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling Syst...

CVE-2019-9540

CVE-2019-9540 affects Telos Automated Message Handling System (AMHS) with a cross-site scripting vulnerability in prefs.asp. The issue arises from improper input neutralization during web page generation, allowing a remote attacker to inject arbitrary script into an AMHS session. Affected version...

CVE-2013-5978

Multiple cross-site scripting XSS vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Product name or 2 Price description fields via a request to wp-admin/admin.php. NOTE: This issue may on...

Cross site scripting

A stored and reflected cross-site scripting XSS vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

LJCMS is vulnerable to XSS (CNVD-2019-41680)

LJCMS is a free and open source content management system. LJCMS suffers from an XSS vulnerability that can be exploited by attackers to inject arbitrary web script or HTML...