CVE-2024-52268

The CVE-2024-52268 entry concerns the VK All in One Expansion Unit WordPress plugin. A stored cross-site scripting (CWE-79) vulnerability affects versions prior to 9.100.1.0, allowing an attacker to execute arbitrary JavaScript in a user’s browser when visiting a site using the vulnerable plugin....

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

PT-2024-34473 · Unknown · Ferozo Webmail

Name of the Vulnerable Software and Affected Versions: Ferozo Webmail version 1.1 Description: A Cross-Site Scripting XSS issue allows attackers to execute arbitrary scripts. Recommendations: For Ferozo Webmail version 1.1, at the moment, there is no information about a newer version that contain...

Code-Projects Jonnys Liquor 跨站脚本漏洞

jonnys Liquor is a content and management system. jonnys Liquor suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary web script or HTML by...

Cisco IP Phone Cross-Site Scripting Vulnerability (CNVD-2024-45292)

Cisco IP Phone is a hardware device from the American company Cisco Cisco. IP Phone that provides calling capabilities. The Cisco IP Phone suffers from a cross-site scripting vulnerability that stems from the affected device's WebUI not properly validating user-supplied input. An authenticated,...

VK All in One Expansion Unit 跨站脚本漏洞

VK All in One Expansion Unit is a plugin from Vektor for extending and enhancing the functionality of a website, which provides several functional modules and tools to help webmasters easily add various features and functionality. A cross-site scripting vulnerability previously existed in VK All ...

WordPress plugin NiceJob 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

IBM Maximo Asset Management 跨站脚本漏洞

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

Beauty Parlour Management System Cross-Site Scripting Vulnerability (CNVD-2025-20923)

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a cross-site scripting vulnerability, which originates from a cross-site scripting vulnerability in...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Online Shopping Portal dom_data.php file cross-site scripting vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...

CVE-2024-20533

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks against users. This vulnerabilit...

CVE-2024-20530

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An...

CVE-2024-20514

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This...

CVE-2024-20525

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An...

CVE-2024-20538

CVE-2024-20538 concerns Cisco Identity Services Engine (ISE) web-based management interface. Documents confirm a cross-site scripting (XSS) vulnerability in the ISE web UI caused by insufficient input validation, enabling an unauthenticated, remote attacker to entice a user to click a crafted lin...

CVE-2024-20538 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An...

CVE-2024-20538 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An...

CVE-2024-20530 Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An...

CVE-2024-20511

CVE-2024-20511 describes a cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). The issue stems from insufficient input validation in the web UI, allowing an...