Trudesk 跨站脚本漏洞

Trudesk is an open source helpdesk/ticketing solution from Trudesk, Inc. A security vulnerability exists in Trudesk version 1.2.2 that stems from the presence of a cross-site scripting XSS vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code via a...

CVE-2022-31455

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

TeamPass cross-site scripting vulnerability (CNVD-2023-67077)

TeamPass is an open source password manager. TeamPass 3.0.10 prior to the version of the cross-site scripting vulnerability , the vulnerability stems from the Default session expiration time function of the user-supplied data lack of effective filtering and escaping , the vulnerability can be...

CVE-2023-29998

A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...

CVE-2023-29998

A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...

CVE-2023-36970

A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...

Cross site scripting

A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-36970

A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...

Cross-site Scripting (XSS)

odoo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the binary field widget which allows an attackers to inject arbitrary web script via crafted uploaded file names...

Liferay DXP 7.4.13.70 < 7.4.13.74 XSS

The detected install of Liferay DXP is between 7.4.13.70 and 7.4.13.73. It is therefore affected by a Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.13.70 through 7.4.13.73, which allows remote attackers to inject arbitrary web script or HTML...

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

Liferay Portal CE 7.4.3.70 < 7.4.3.74 XSS

The detected install of Liferay Portal CE is between 7.4.3.70 and 7.4.3.73. It is therefore affected by a Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, which allows remote attackers to inject arbitrary web script or HT...

CVE-2023-33438

A stored Cross-site scripting XSS vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML...

Cross site scripting

A stored Cross-site scripting XSS vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML...

CVE-2023-3193

Cross-site scripting XSS vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the comliferaylayoutadminwebportletGroupPagesPortletbackURL...

CVE-2023-34666

Cross-site scripting XSS vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter...

CVE-2023-26842

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php...

CVE-2023-33780

A stored cross-site scripting XSS vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article...