CVE-2023-33335

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

CVE-2023-33335

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

Cross site scripting

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

CVE-2023-35978

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...

Cross site scripting

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in...

Cross site scripting

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...

CVE-2023-35978 Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...

CVE-2023-35971 Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in...

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

Sophos iView 跨站脚本漏洞

Sophos iView is a solution from Sophos UK. A security vulnerability exists in Sophos iView that stems from the presence of cross-site scripting XSS, which allows the execution of arbitrary scripts...

CVE-2023-33335

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

CVE-2023-32607

Stored cross-site scripting vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...

CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

Cross site scripting

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the...

CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...

CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...

CVE-2023-3332

CVE-2023-3332 affects NEC Aterm models (WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N, WR8170N). Root cause: Improper Neutralization of Input During Web Page Generation. Impact: enables an att...

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source CRM system for churches. Church CRM version v4.5.3 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script ...