7602 matches found
CVE-2023-47175
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product...
CVE-2023-37280
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
CVE-2023-37134
A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-37124
A stored cross-site scripting XSS vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2023-36492
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...
CVE-2023-3588
A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...
CVE-2023-46394
A stored cross-site scripting XSS vulnerability in /home/user/editsubmit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter...
CVE-2023-33792
A stored cross-site scripting XSS vulnerability in the Create Site Groups /dcim/site-groups/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33791
A stored cross-site scripting XSS vulnerability in the Create Provider Accounts /circuits/provider-accounts/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33829
A stored cross-site scripting XSS vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...
CVE-2023-33795
A stored cross-site scripting XSS vulnerability in the Create Contact Roles /tenancy/contact-roles/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33797
A stored cross-site scripting XSS vulnerability in the Create Sites /dcim/sites/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33786
A stored cross-site scripting XSS vulnerability in the Create Circuit Types /circuits/circuit-types/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33793
A stored cross-site scripting XSS vulnerability in the Create Power Panels /dcim/power-panels/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33780
A stored cross-site scripting XSS vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article...
CVE-2023-33785
A stored cross-site scripting XSS vulnerability in the Create Rack Roles /dcim/rack-roles/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33335
Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...
CVE-2023-31457
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...
CVE-2023-30097
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...
CVE-2023-30095
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field...