7613 matches found

Cvelist
added 2023/08/21 8:13 a.m. · 22 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...

5.6 AI score · 0.0148 EPSS
Exploits 0 · References 4

CNNVD
added 2023/08/21 12:00 a.m. · 3 views

LuxSoft LuxCal Web Calendar cross-site scripting vulnerability

LuxSoft LuxCal Web Calendar is a free, user-friendly, lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar that stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to...

6.1 CVSS · 6.8 AI score · 0.00528 EPSS
Exploits 0 · References 5

GitHub Security Blog
added 2023/08/18 9:50 p.m. · 31 views

XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message

Impact: Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Open the invitation...

9.9 CVSS · 8.1 AI score · 0.01535 EPSS
Exploits 1 · References 5 · Affected Software 1

Prion
added 2023/08/17 6:15 p.m. · 22 views

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...

6.5 CVSS · 9 AI score · 0.01535 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/08/17 5:21 p.m. · 28 views

CVE-2023-37914 Privilege escalation (PR)/RCE from account through Invitation subject/message

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...

9.9 CVSS · 10 AI score · 0.01535 EPSS
Exploits 1 · References 3

OSV
added 2023/08/17 5:21 p.m. · 30 views

CVE-2023-37914 Privilege escalation (PR)/RCE from account through Invitation subject/message

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...

9.9 CVSS · 8.9 AI score · 0.01535 EPSS
Exploits 1 · References 5

Cvelist
added 2023/08/17 6:37 a.m. · 31 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

5.2 AI score · 0.00362 EPSS
Exploits 0 · References 2

NVD
added 2023/08/16 10:15 p.m. · 19 views

CVE-2023-20203

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device...

5.4 CVSS · 5.2 AI score · 0.00358 EPSS
Exploits 0 · References 1

Prion
added 2023/08/16 10:15 p.m. · 16 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device...

4.9 CVSS · 5.2 AI score · 0.00358 EPSS
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2023/08/16 9:39 p.m. · 26 views

CVE-2023-20222

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The...

4.8 CVSS · 6.1 AI score · 0.00375 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/08/14 12:00 a.m. · 10 views

CVE-2023-32748

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...

7.7 AI score · 0.00901 EPSS
Exploits 0 · References 2

CVE
added 2023/08/10 12:00 a.m. · 142 views

CVE-2023-37625

CVE-2023-37625 describes a stored cross-site scripting (XSS) vulnerability in NetBox v3.4.7, exploitable via a crafted payload injected into the Custom Link templates. The available sources (NVD/OSV, etc.) consistently identify the affected software as NetBox 3.4.7 and the vulnerability as stored...

5.4 CVSS · 5.2 AI score · 0.00593 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/08/09 12:00 a.m. · 5 views

PT-2023-4338 · Softing · Softing Edgeaggregator

Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this issue, where th...

10 CVSS · 8.9 AI score · 0.01188 EPSS
Exploits 0 · References 6

NVD
added 2023/08/03 10:15 p.m. · 17 views

CVE-2023-20204

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...

5.4 CVSS · 5.3 AI score · 0.00358 EPSS
Exploits 0 · References 1

NVD
added 2023/08/03 10:15 p.m. · 23 views

CVE-2023-20181

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...

6.1 CVSS · 6.3 AI score · 0.00427 EPSS
Exploits 0 · References 1

Cvelist
added 2023/08/03 9:22 p.m. · 34 views

CVE-2023-20181

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...

6.1 CVSS · 6.4 AI score · 0.00427 EPSS
Exploits 0 · References 1

Veracode
added 2023/07/31 6:19 a.m. · 28 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the file function at Response.php due to the MIME auto-detection of uploaded files which allows an attacker to upload a file with an arbitrary MIME type and inject arbitrary scripts...

5.7 CVSS · 6.5 AI score · 0.00552 EPSS
Exploits 0 · References 11 · Affected Software 1

Tenable Nessus
added 2023/07/25 12:00 a.m. · 22 views

Cisco NX-OS Software NX-API Sandbox Cross-site Scripting (CVE-2019-1733)

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of...

5.4 CVSS · 5.9 AI score · 0.00894 EPSS
Exploits 0 · References 3

Prion
added 2023/07/24 7:15 p.m. · 17 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

5.8 CVSS · 5.9 AI score · 0.0038 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/07/24 12:00 a.m. · 44 views

CVE-2023-37613

CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...

6.1 CVSS · 5.9 AI score · 0.0038 EPSS
Exploits 1 · References 2 · Affected Software 1