7610 matches found

Cvelist
added 2023/12/11 11:56 a.m., 21 views

CVE-2023-6186 Link targets allow arbitrary script execution

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

CVSS 8.3, AI score 9, EPSS 0.00988
Exploits: 0, References: 4

CNNVD
added 2023/12/08 12:0 a.m., 2 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system. JFinalCMS suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the model management department, which can be exploited by an attacker to execute arbitrary Web script or HTML ...

CVSS 5.4, AI score 5.3, EPSS 0.00096
Exploits: 0, References: 2

CNNVD
added 2023/12/08 12:0 a.m., 2 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalCMS v5.0.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the navigation management department; an attacker exploits the vulnerability by injectin...

CVSS 5.4, AI score 5.4, EPSS 0.00098
Exploits: 0, References: 2

CNNVD
added 2023/12/08 12:0 a.m., 2 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalCMS v5.0.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the section management department; an attacker can exploit this vulnerability by injecti...

CVSS 5.4, AI score 5.4, EPSS 0.00098
Exploits: 0, References: 2

Prion
added 2023/12/07 5:15 a.m., 19 views

Cross site scripting

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...

CVSS 4.9, AI score 7.2, EPSS 0.00783
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/12/06 9:15 a.m., 3 views

CVE-2023-34439

Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...

CVSS 5.4, AI score 6.1
Exploits: 0, References: 2

Tenable Nessus
added 2023/12/06 12:0 a.m., 14 views

Cisco IP Phone Stored XSS (cisco-sa-uipphone-xss-NcmUykqA)

According to its self-reported version, Cisco IP Phone Stored Cross-Site Scripting may be affected by a cross-site scripting (XSS) vulnerability. Due to insufficient validation of user-supplied input, an authenticated, remote attacker can conduct an XSS attack against a user of the interface on t...

CVSS 5.5, AI score 6.2, EPSS 0.00077
Exploits: 0, References: 4

CNNVD
added 2023/12/01 12:0 a.m., 1 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be...

CVSS 5.4, AI score 5.8, EPSS 0.0006
Exploits: 0, References: 2

Prion
added 2023/11/29 4:15 p.m., 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctypeadd&ajax=1&lang=cn...

CVSS 4.3, AI score 5.7, EPSS 0.00149
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2023/11/29 4:15 p.m., 16 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&ajax=1&lang=cn...

CVSS 4.3, AI score 5.7, EPSS 0.00135
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2023/11/28 2:10 a.m., 11 views

Cross-Site Scripting

hoteldruid is vulnerable to Cross-Site Scripting. The vulnerability is due to improper neutralization of input during web page generation. This allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

CVSS 6.1, AI score 7.2, EPSS 0.00266
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2023/11/28 12:0 a.m., 2 views

WordPress Plugin Shortcodes Ultimate Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4, AI score 5.9, EPSS 0.00087
Exploits: 1, References: 3

CNNVD
added 2023/11/27 12:0 a.m., 1 views

Apache NiFi Cross-Site Scripting Vulnerability

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...

CVSS 7.9, AI score 6, EPSS 0.00293
Exploits: 0, References: 1

CNVD
added 2023/11/24 12:0 a.m., 10 views

Cisco IP Phone Cross-Site Scripting Vulnerability

Cisco IP Phone is a hardware device from the American company Cisco that provides calling capabilities. Cisco IP Phones suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the web-based management...

CVSS 5.5, AI score 6.5, EPSS 0.00077
Exploits: 0, References: 1

Prion
added 2023/11/21 7:15 p.m., 15 views

Cross site scripting

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

CVSS 4.9, AI score 5.7, EPSS 0.00077
Exploits: 0, References: 1, Affected Software: 4

Vulnrichment
added 2023/11/21 6:45 p.m., 18 views

CVE-2023-20265

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

CVSS 5.5, AI score 5.4, EPSS 0.00077
Exploits: 0, References: 1

Cvelist
added 2023/11/21 6:45 p.m., 16 views

CVE-2023-20265

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

CVSS 5.5, AI score 5.2, EPSS 0.00077
Exploits: 0, References: 1

NVD
added 2023/11/21 10:15 a.m., 10 views

CVE-2023-5599

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

CVSS 5.4, EPSS 0.00471
Exploits: 0, References: 1

OSV
added 2023/11/21 10:15 a.m., 1 views

CVE-2023-5598

Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code...

CVSS 5.4, AI score 6, EPSS 0.00184
Exploits: 0, References: 1

NVD
added 2023/11/21 10:15 a.m., 14 views

CVE-2023-5598

Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code...

CVSS 5.4, EPSS 0.00184
Exploits: 0, References: 1