7610 matches found
Cisco Identity Services Engine Stored XSS (cisco-sa-ISE-XSS-bL4VTML)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting vulnerability. A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site...
Cisco TelePresence Management Suite < 15.13.6 XSS (cisco-sa-tms-portal-xss-AXNeVg3s)
According to its self-reported version, Cisco TelePresence Management Suite is affected by multiple cross-site scripting (XSS) vulnerabilities. Due to insufficient validation of the web-based management, a remote attacker can inject malicious data into a specific field of the interface. A successfu...
Online Lawyer Management System Cross-Site Scripting Vulnerability
Online Lawyer Management System is an online lawyer management system. Online Lawyer Management System version 1.0 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter First Name in the component Us...
Kashipara Food Management System Cross-Site Scripting Vulnerability (CNVD-2024-13476)
Kashipara Food Management System is a food management system from Kashipara. A cross-site scripting vulnerability exists in version 1.0 of the Kashipara Food Management System, which stems from the lack of effective filtering and escaping of user-supplied data in the partyaddress parameter of the...
Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the Policy Management functionality. The issue results from the lack of proper...
CVE-2023-48244
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2020-26628
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the "Edit Profile" page and triggered by another user visiting the profile...
Code injection
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...
CVE-2023-29049
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...
Apache OpenOffice < 4.1.15 Multiple Vulnerabilities
The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes. - Apache OpenOffice documents can contain links that call internal macros with arbitrary...
CVE-2023-7027
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This...
WireMock Security Vulnerability
WireMock is a popular open source API simulation and testing tool. A cross-site scripting vulnerability exists in WireMock, which stems from the lack of effective filtering and escaping of user-supplied data in the logging function. An attacker can exploit the vulnerability by...
Apache OpenOffice Parameter Injection Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security vulnerability exists in Apache OpenOffice versions 4.1.14 and earlier, which stems from a...
CVE-2023-50470
A cross-site scripting (XSS) vulnerability in the component admin Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
SeaCMS Security Vulnerability
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A cross-site scripting vulnerability exists in SeaCMS v12.8, which stems from the lack of effective filtering and escaping of user-supplied da...
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...
CVE-2023-49807
Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
CVE-2023-49779
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
CVE-2023-49598
Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...