7612 matches found
CVE-2024-4158
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
IBM UrbanCode Deploy 跨站脚本漏洞
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
MantisBT 安全漏洞
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. MantisBT 2.26.2 before the version of the cross-site scripting vulnerability , the vulnerability stems from the...
WBSAirback 跨站脚本漏洞
WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...
WBSAirback 跨站脚本漏洞
WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...
WBSAirback 跨站脚本漏洞
WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...
TOTOLINK X2000R 安全漏洞
TOTOLINK X2000R is a WiFi6 wireless router from China's Gion Electronics TOTOLINK that supports Gigabit network and EasyMesh function with multi-device connectivity and wireless expansion capability. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the...
WBSAirback 跨站脚本漏洞
WBSAirback is a next generation storage and backup system from WBSAirback. A cross-site scripting vulnerability exists in WBSAirback version 21.02.04, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted payload...
CVE-2024-34749
Phormer prior to version 3.35 contains a cross-site scripting vulnerability (CWE-79). An unauthenticated remote attacker could cause arbitrary script execution in a user’s web browser. Affected: Phormer before 3.35. Root cause: reflected/stored XSS in the web interface (exact vector not detailed ...
CVE-2024-34749
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user...
CVE-2024-32674
Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
CVE-2024-32674
Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...
WordPress Plugin Heator Social Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-50231
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploi...
CVE-2023-42034
Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this...
CVE-2023-51633 Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the...
CVE-2023-51633 Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the...
CVE-2023-50231 NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploi...
CVE-2023-42034 Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability
Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this...
CVE-2023-42034 Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability
Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this...