
7610 matches found

Cvelist
added 2024/10/23 5:29 p.m., 11 views

CVE-2024-20372

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to...

CVSS 6.1, EPSS 0.0017
Exploits 0, References 1
NVD
added 2024/10/23 5:15 p.m., 12 views

CVE-2024-20300

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient...

CVSS 5.4, EPSS 0.00107
Exploits 0, References 3
Positive Technologies
added 2024/10/23 12:00 a.m., 3 views

PT-2024-9142

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack again...

CVSS 5.5, AI score 5.7, EPSS 0.00107
Exploits 0, References 8
CNNVD
added 2024/10/23 12:00 a.m., 1 views

Cisco Firepower Management Center Security Vulnerability

Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

CVSS 5.4, AI score 6.5, EPSS 0.00109
Exploits 0, References 1
CNVD
added 2024/10/23 12:00 a.m., 11 views

Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2024-42933)

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...

CVSS 4.8, AI score 6.5, EPSS 0.00552
Exploits 0, References 1
OSV
added 2024/10/22 6:32 p.m., 1 views

GHSA-CHJ2-4VG7-HHG3 Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...

CVSS 9.6, AI score 6.9, EPSS 0.00381
Exploits 0, References 3
CNNVD
added 2024/10/21 12:00 a.m., 1 views

Mitel MiCollab and Mitel MiVoice Code Injection Vulnerability

Mitel MiCollab and Mitel MiVoice are both products of Mitel Canada, a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees. Mitel MiVoice is an IP-capable telephone. A code injection vulnerability exists in Mitel MiCollab version...

CVSS 9.8, AI score 7.8, EPSS 0.03836
Exploits 0, References 3
CNNVD
added 2024/10/21 12:00 a.m., 1 views

Mitel MiCollab Security Vulnerability

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...

CVSS 4.8, AI score 6.2, EPSS 0.00552
Exploits 0, References 2
OSV
added 2024/10/18 7:15 a.m., 2 views

CVE-2024-9206

The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1, AI score 6
Exploits 0, References 3
NVD
added 2024/10/18 6:15 a.m., 18 views

CVE-2024-47793

Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user...

CVSS 5.4, EPSS 0.00943
Exploits 0, References 3
OSV
added 2024/10/18 6:15 a.m., 11 views

CVE-2024-47793

Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user...

CVSS 5.4, AI score 6.1
Exploits 0, References 3
CNVD
added 2024/10/17 12:00 a.m., 6 views

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-46815)

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

CVSS 4.8, AI score 6.1, EPSS 0.00241
Exploits 0, References 1
OSV
added 2024/10/16 5:15 p.m., 2 views

CVE-2024-46605

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVSS 6.1, AI score 5.9, EPSS 0.00118
Exploits 1, References 4
OSV
added 2024/10/16 5:15 p.m., 4 views

CVE-2024-46606

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVSS 5.4, AI score 5.9, EPSS 0.00291
Exploits 1, References 4
NVD
added 2024/10/16 5:15 p.m., 19 views

CVE-2024-20460

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input...

CVSS 6.1, EPSS 0.00198
Exploits 0, References 1
CVE
added 2024/10/16 4:17 p.m., 49 views

CVE-2024-20512

CVE-2024-20512 concerns Cisco Unified Contact Center Management Portal (Unified CCMP). The vulnerability is a reflected cross-site scripting (XSS) flaw in the web-based management interface caused by improper validation of user input. An unauthenticated, remote attacker can lure a user to click a...

CVSS 6.1, AI score 6, EPSS 0.00447
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/10/16 4:16 p.m., 11 views

CVE-2024-20460 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input...

CVSS 6.1, AI score 6.3, EPSS 0.00198
Exploits 0, References 1
NVD
added 2024/10/16 12:15 p.m., 20 views

CVE-2024-6380

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7, EPSS 0.0083
Exploits 0, References 1
Vulnrichment
added 2024/10/16 11:28 a.m., 21 views

CVE-2024-6380 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7, AI score 6.5, EPSS 0.0083
Exploits 0, References 1
CVE
added 2024/10/16 11:28 a.m., 43 views

CVE-2024-6380

CVE-2024-6380 is a reflected XSS vulnerability affecting ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). Connected sources confirm the issue targets the product/component (ENOVIA/Collaborative Industry Innovator) via reflective XSS, enabling arbitrary script executio...

CVSS 8.7, AI score 8, EPSS 0.0083
Exploits 0, References 1, Affected Software 1