7612 matches found
CVE-2024-20386
The CVE-2024-20386 entry describes stored XSS in the web-based management interface of Cisco Firepower Management Center (FMC) Software due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could inject crafted input into interface data fields to execute scrip...
CVE-2024-20377
CVE-2024-20377 concerns Cisco Firepower Management Center (FMC) web-based management interface. A stored XSS vulnerability arises from improper validation of user-supplied input, enabling an authenticated, remote attacker to lure a user into clicking a crafted link, which could execute arbitrary ...
CVE-2024-20372
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to...
CVE-2024-20300
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient...
Cisco Firepower Management Center 安全漏洞
Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...
Mitel MiCollab Cross-Site Scripting Vulnerability (CNVD-2024-42933)
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...
PT-2024-9142
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack again...
GHSA-CHJ2-4VG7-HHG3 Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...
Mitel MiCollab 安全漏洞
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A cross-site scripting vulnerability exists in Mitel MiCollab version 9.7.1.110 and prior versions, which stems from insufficient validation of...
Mitel MiCollab和Mitel MiVoice 代码注入漏洞
Mitel MiCollab and Mitel MiVoice are both products of Mitel Canada, a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees.Mitel MiVoice is an IP-capable telephone. A code injection vulnerability exists in Mitel MiCollab version...
CVE-2024-9206
The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-47793
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns column type: images or files, an arbitrary script may be executed on the web browser of the user...
CVE-2024-47793
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns column type: images or files, an arbitrary script may be executed on the web browser of the user...
IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-46815)
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...
CVE-2024-46605
A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46606
A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-20460
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user. This vulnerability is due to insufficient validation of user input...
CVE-2024-20512
CVE-2024-20512 concerns Cisco Unified Contact Center Management Portal (Unified CCMP). The vulnerability is a reflected cross-site scripting (XSS) flaw in the web-based management interface caused by improper validation of user input. An unauthenticated, remote attacker can lure a user to click a...
CVE-2024-20460 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user. This vulnerability is due to insufficient validation of user input...
CVE-2024-6380
A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...