CVE-2023-24234

A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

CVE-2023-24233

A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

CVE-2023-24322

A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...

CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

CVE-2023-22333

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script...

CVE-2023-22333

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script...

Cross site scripting

A stored cross-site scripting XSS vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...

CVE-2023-24494

A stored cross-site scripting XSS vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user...

Small CRM 跨站脚本漏洞

PHPGurukul Small CRM is a customer relationship management system. A security vulnerability exists in Small CRM v3.0, which stems from the Subject parameter of its Create Ticket page that allows an attacker to inject a crafted payload to execute arbitrary web script and HTML...

AlmaLinux 9 : libreoffice (ALSA-2023:0304)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0304 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme...

CVE-2022-45730

A cross-site scripting XSS vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function...

EasyMail vulnerable to cross-site scripting

Overview EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Toyama Taku reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed...

libreoffice security update

7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...

Oracle Linux 9 : libreoffice (ELSA-2023-0304)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0304 advisory. 7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option...

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

RHEL 9 : libreoffice (RHSA-2023:0304)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

CVE-2023-20037

A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by...