CVE-2024-28034

The CVE-2024-28034 entry describes a cross-site scripting (CWE-79) vulnerability in Mini Thread Version 3.33βi. An arbitrary script could be executed in the browser of users visiting a site that uses this product. The focal product is Mini Thread 3.33βi; the root cause and exact vulnerable compon...

CVE-2024-26018

TvRock is affected by a cross-site scripting vulnerability (CWE-79) in version 0.9t8a. The issue allows arbitrary script execution in the browser of users visiting a site that uses TvRock, with the root cause noted as the developer being unreachable. Multiple sources (NVD, Red Hat, JVN, PtSecurit...

Mini Thread vulnerable to cross-site scripting

Overview Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of...

JVN#46874970: 0ch BBS Script (0ch) vulnerable to cross-site scripting

0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be...

Zerochannel 0ch BBS Script 安全漏洞

Zerochannel 0ch BBS Script is a bulletin board software from Zerochannel, Inc. A security vulnerability exists in Zerochannel 0ch BBS Script version ver.4.00, which originated from a vulnerability that allows an attacker to execute arbitrary scripts on the web browser of a user who visits a web...

TOTOLINK X2000R 安全漏洞

TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics that supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion capabilities. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the application's lack of...

GHSA-MJQ8-GG9X-87GR FitNesse Cross-site Scripting vulnerability

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

FitNesse Cross-site Scripting vulnerability

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVE-2024-28128

Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter...

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

CVE-2023-39223

Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser...

Cisco IP Phones 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting (CVE-2019-16008)

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of an affected system. The vulnerability is due to...

TOTOLINK X2000R 安全漏洞

TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics that supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion capabilities. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the lack of effective...

Input validation

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only...

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user...

CVE-2024-25994

CVE-2024-25994 affects Phoenix Contact CHARX SEC devices (CHARX SEC-3100, and related SEC series). The CharxUpdateAgent service listens on TCP port 9999 and fails to validate user-supplied data, enabling an unauthenticated attacker to upload arbitrary script files to a fixed write-only location. ...

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user...

CVE-2024-21584

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user...