CVE-2023-3332

CVE-2023-3332 affects NEC Aterm models (WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N, WR8170N). Root cause: Improper Neutralization of Input During Web Page Generation. Impact: enables an att...

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source CRM system for churches. Church CRM version v4.5.3 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script ...

DzzOffice 跨站脚本漏洞

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version...

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

JVN#97818024: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

CVE-2023-34657

A stored cross-site scripting XSS vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the webrecordnum parameter...

Wolters Kluwer TeamMate+ 跨站脚本漏洞

Wolters Kluwer TeamMate+ is a financial audit management software from Wolters Kluwer, a Dutch company. A security vulnerability exists in Wolters Kluwer TeamMate+ version 35.0.11.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...

WordPress Theme Weaver Xtreme 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Weaver Xtreme 5.0.7 and earlie...

miniCal Cross-Site Scripting Vulnerability

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

Schweitzer Engineering Laboratories RTAC Cross-site Scripting (CVE-2023-31154)

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...

Schweitzer Engineering Laboratories RTAC Cross-site Scripting (CVE-2023-31157)

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...

miniCal 跨站脚本漏洞

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher to click a link. The plugin does not protect its settings page against CSRF attacks, allowing an...

CVE-2023-28651

Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...

CVE-2023-30758

Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...

Cross site scripting

Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...

Cross site scripting

Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVE-2023-30758

Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVE-2023-30758

The CVE-2023-30758 entry concerns Pleasanter software with a Cross-site scripting (CWE-79) in versions 1.3.38.1 and earlier. An authenticated remote attacker can inject arbitrary scripts into the victim’s browser. Impact is user-side script execution for logged-in users; no exploitation steps are...

CVE-2023-33736

A stored cross-site scripting XSS vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...