7610 matches found
CVE-2023-29523
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...
Remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...
CVE-2023-27777
Cross-site scripting XSS vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...
CVE-2023-27777
Cross-site scripting XSS vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL...
CVE-2023-29522
CVE-2023-29522 affects XWiki Platform. Any user with view rights can execute arbitrary script macros (Groovy/Python) that enable remote code execution and unrestricted read/write access to wiki contents. The attack is triggered by opening a non-existing page whose name contains a dangerous payloa...
Campcodes Online Traffic Offense Management System Cross-Site Scripting Vulnerability
Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A cross-site scripting vulnerability exists in Campcodes Online Traffic Offense Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the...
Joruri Gw vulnerable to cross-site scripting
Overview Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Joruri Gw 跨站脚本漏洞
Joruri Gw is a web portal of Joruri Inc. A security vulnerability exists in Joruri Gw. An attacker can exploit the vulnerability to execute arbitrary scripts...
WordPress plugin Metform Elementor Contact Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-26846
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates...
Siemens SCALANCE W1750D Improper Neutralization of Input During Web Page Generation (CVE-2022-37896)
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross- site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser...
LiveAction LiveSP 跨站脚本漏洞
LiveAction LiveSP is a network monitoring software for service providers from LiveAction. A security vulnerability exists in LiveAction LiveSP version v21.1.2. An attacker can exploit the vulnerability to execute arbitrary web script or HTML...
CVE-2023-20148
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20150
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20145
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20138
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20140
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...