SeedDMS cross-site scripting vulnerability (CNVD-2024-41051)

SeedDMS is SeedDMS open source PHP and MySql based on a set of open source document management system . The system is mainly used to store and share documents . SeedDMS v6.0.28 version of the existence of cross-site scripting vulnerability , the vulnerability stems from the application of the...

WordPress plugin Category Icon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

PT-2024-29431 · Cadclick · Cadclick

Name of the Vulnerable Software and Affected Versions: CADClick versions 1.11.0 and earlier Description: A reflected cross-site scripting XSS vulnerability is present in "Artikel.aspx" in CADClick, allowing remote attackers to inject arbitrary web script or HTML via the searchindex parameter. Thi...

Zenario CMS 安全漏洞

Zenario CMS is a Zenario open source application . Provides a Web-based content management system . A cross-site scripting vulnerability exists in Zenario CMS version 9.7.61188, which stems from the lack of effective filtering and escaping of user-supplied data in the "Organizer tags" field and c...

CVE-2024-41930

CVE-2024-41930 affects MF Teacher Performance Management System (version 6). The Red Hat/NVD/JVN records describe a cross-site scripting (CWE-79) vulnerability that can allow arbitrary script execution in a user’s browser when visiting the product’s web interface. The issue is confirmed across mu...

CVE-2024-41930

Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVE-2024-41930

Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

Advantech ADAM-5550 跨站脚本漏洞

Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...

Piwigo 安全漏洞

Piwigo is Piwigo open source a set of Web-based open source image library software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version v14.5.0, which stems from vulnerability to cross-site...

CVE-2024-45836

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...

CVE-2024-45836

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...

CVE-2024-45836

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...

WordPress plugin Themedy Toolbox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-20475

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based...

Ellevo 安全漏洞

Ellevo is an enterprise process-oriented software from Ellevo. A cross-site scripting vulnerability exists in Ellevo version 6.2.0.38160, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web...

WordPress plugin Radio Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

JVN#81966868: Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices

Multiple network devices network cameras and a router provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Base Score 7.1 CVE-2024-45372 Cross-site scripting vulnerability in the web...

Google Chrome Cross-Site Scripting Vulnerability (CNVD-2024-38800)

Google Chrome is a web browser from Google, an American company. A cross-site scripting vulnerability exists in Google Chrome prior to version 129.0.6668.58, which stems from insufficient UI gesture validation in Omnibox on the Android platform, and can be exploited by an attacker to inject...

CVE-2024-7736

A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...