7610 matches found

Cvelist
added 2025/02/19 5:52 a.m., 12 views

CVE-2025-24841

Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may be executed on a logged-in user's web browser...

CVSS 5.4, EPSS 0.0023
Exploits: 0, References: 2
Vulnrichment
added 2025/02/19 5:52 a.m., 3 views

CVE-2025-25054

Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user...

CVSS 6.1, AI score 6.2, EPSS 0.00296
Exploits: 0, References: 2
Vulnrichment
added 2025/02/19 5:52 a.m., 3 views

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

CVSS 5.4, AI score 6.1, EPSS 0.0023
Exploits: 0, References: 2
Cvelist
added 2025/02/19 5:52 a.m., 11 views

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

CVSS 5.4, EPSS 0.0023
Exploits: 0, References: 2
CNVD
added 2025/02/19 12:00 a.m., 5 views

Dell Update Package Framework Local Elevation of Privilege Vulnerability

Dell Update Package Framework is a framework for updating system components from Dell USA. The product focuses on providing installers for drivers, applications, BIOS, and firmware. The Dell Update Package Framework suffers from a local elevation of privilege vulnerability that originates from a...

CVSS 8.2, AI score 7.2, EPSS 0.00128
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2025/02/19 12:00 a.m., 8 views

JVN#48742353: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-22888 Stored cross-si...

CVSS 6.1, AI score 6.8, EPSS 0.00296
Exploits: 0
CVE
added 2025/02/18 7:28 a.m., 49 views

CVE-2024-11376

CVE-2024-11376 : Affected software is the WordPress plugin “s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions”. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the use of add_query_arg without proper escaping, reported...

CVSS 6.1, AI score 6.4, EPSS 0.0029
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2025/02/18 12:00 a.m., 3 views

Cisco AsyncOS Cross-Site Scripting Vulnerability (CNVD-2025-03528)

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS that originates from improper user input validation and can be exploited by a remote attacker to execute arbitrary script code or access sensitive information via a...

CVSS 4.8, AI score 6.7, EPSS 0.0005
Exploits: 0, References: 1
CNNVD
added 2025/02/16 12:00 a.m., 3 views

ASUS RT-N12E Code Injection Vulnerability

The ASUS RT-N12E is a wireless router from the Chinese company ASUS. A cross-site scripting vulnerability exists in ASUS RT-N12E version 2.0.0.19, which stems from the lack of effective filtering and escaping of user-supplied data in the SSID parameter of the sysinfo.asp file, which can be...

CVSS 4.8, AI score 6, EPSS 0.00103
Exploits: 0, References: 6
RedhatCVE
added 2025/02/14 12:42 p.m., 9 views

CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

CVSS 8.8, AI score 6.5, EPSS 0.02323
Exploits: 0, References: 5
RedhatCVE
added 2025/02/14 9:39 a.m., 4 views

CVE-2022-47502

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

CVSS 7.8, AI score 6.8, EPSS 0.00244
Exploits: 0
RedhatCVE
added 2025/02/14 4:49 a.m., 9 views

CVE-2024-36773

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php...

CVSS 4.8, AI score 5.7, EPSS 0.00113
Exploits: 1, References: 1
CNNVD
added 2025/02/14 12:00 a.m., 1 view

IBM QRadar SIEM Security Vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 4.8, AI score 5.9, EPSS 0.00056
Exploits: 0, References: 3
NVD
added 2025/02/12 8:15 a.m., 13 views

CVE-2023-49780

Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product...

CVSS 6.1, EPSS 0.00082
Exploits: 0, References: 2
Cvelist
added 2025/02/12 7:42 a.m., 11 views

CVE-2023-49780

Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product...

CVSS 6.1, EPSS 0.00082
Exploits: 0, References: 2
CVE
added 2025/02/12 7:42 a.m., 50 views

CVE-2023-49780

CVE-2023-49780 is a cross-site scripting vulnerability in acmailer CGI versions 4.0.5 and earlier. The issue allows an arbitrary script to run in the web browser of users who access the management page. Affected product: acmailer CGI supplied by Extra Innovation Inc. Root cause: reflected/stored ...

CVSS 6.1, AI score 6.2, EPSS 0.00082
Exploits: 0, References: 2
RedhatCVE
added 2025/02/12 12:32 a.m., 5 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the internet pictures field...

CVSS 4.8, AI score 5.5, EPSS 0.00245
Exploits: 1, References: 1
CNNVD
added 2025/02/12 12:00 a.m., 2 views

Code-Projects Wazifa System Code Injection Vulnerability

Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the firstname/lastname parameter of the searchresualts.php file, which can be exploited to execute...

CVSS 5.4, AI score 6.2, EPSS 0.00268
Exploits: 1, References: 5
NVD
added 2025/02/10 6:15 p.m., 3 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the internet pictures field...

CVSS 4.8, EPSS 0.00245
Exploits: 1, References: 3
Cvelist
added 2025/02/10 12:00 a.m., 7 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the internet pictures field...

EPSS 0.00245
Exploits: 1, References: 3